
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.

DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS for an SVG element or a MATH element, as demonstrated by Chrome and Safari.

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim's browser.

Horde Groupware Webmail Edition through 5.2.22 allows XSS.

An issue was discovered in Open Ticket Request System 6.x before 6.0.17 and 7.x before 7.0.5. An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS. This is related to Kernel/Output/Template/Document.pm.

The host is installed with IBM HTTP Server 2.0.47 or lower and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the application, which fails to sanitize user supplied input. Successful exploitation could allow attackers to inject arbitrary code.

The host is installed with IBM OpenAdmin Tool (OAT) before 2.72 for Informix and is prone to multiple cross site scripting vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation could allow attackers to inject arbitrary code.

The host is installed with IBM Rational Asset Manager before 7.5.1 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle malicious input. Successful exploitation could allow attackers to inject arbitrary web script or html files.

The host is installed with HP SNMP Agents for Linux before 9.0.0 and is prone to a cross site scripting vulnerability. A flaw is present in the application, which fails to handle arbitrary web script. Successful exploitation could allow attackers to inject arbitrary code.

The host is installed with IBM Tivoli Directory Server (TDS) 6.2 before 6.2.0.22 or 6.3 before 6.3.0.11 and is prone to a cross-site scripting (XSS) vulnerability. A flaw is present in the application, which fails to properly filter HTML code from user-supplied input before displaying the input. Successful exploitation allows remote attackers to inject arbitrary web script or HTML via unspecified ve ...



© SecPod Technologies