Latest Security News about stored cross site scripting

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56,

  Overview : Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. CVE-2020-11778   Security Advisory for Stored Cross Site Scripting on Some Routers and Gateways, PSV-2018-0526 Associated CVE [...]

In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.

  Overview : In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.codeBeamer versions 9.5 and below suffer from multiple persistent cross site scripting vulnerabilities. CVE-2019-19912 Overview In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers [...]

LiveZilla blind Javascript Injection – Cross Site Scripting (XSS)

Overview : An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The […]

Stored XSS on Archery before 1.3

Overview : In Archery before 1.3, inserting an XSS payload into a project name (either by creating a new project or editing an existing one) will result in stored XSS on the vulnerability-scan scheduling page. Affected Product(s) : Archery before 1.3 Vulnerability Details : CVE ID : CVE-2019-20008 Upon a security analysis of the platform, […]

Accentis Content Resource Management System suffer from a cross site scripting vulnerability.

Overview : Accentis Content Resource Management System versions released prior to the October 2015 patch suffer from a cross site scripting vulnerability. Affected Product(s) : Accentis Content Resource Management System Vulnerability Details : CVE ID : CVE-2015-3425 Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before October 2015 patch allows remote attackers to […]