
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.

An issue was discovered in Tiny Tiny RSS before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS for an SVG element or a MATH element, as demonstrated by Chrome and Safari.

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser.

Horde Groupware Webmail Edition through 5.2.22 allows XSS.

An issue was discovered in Open Ticket Request System 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.

The host is installed with IBM HTTP Server 2.0.47 or lower and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to inject arbitrary code.

The host is installed with IBM OpenAdmin Tool (OAT) before 2.72 for Informix and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to inject arbitrary code.

The host is installed with IBM Rational Asset Manager before 7.5.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle malicious input. Successful exploitation could allow attackers to inject arbitrary web script or html files.



© SecPod Technologies