
An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb.

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment.

Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.

An issue was discovered in Tiny Tiny RSS before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.

The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS for an SVG element or a MATH element, as demonstrated by Chrome and Safari.

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser.

Horde Groupware Webmail Edition through 5.2.22 allows XSS.

An issue was discovered in Open Ticket Request System 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.



© SecPod Technologies