User Management System version 2.0 suffers from a persistent cross site scripting vulnerability.

Complaint Management System version 4.2 suffers from a persistent cross site scripting vulnerability.

jQuery versions prior to 3.5 suffer from an html() cross site scripting vulnerability.

Open-AudIT version 3.3.0 suffers from a cross site scripting vulnerability.

Geeklog version 2.2.1 suffers from a cross site scripting vulnerability.

POS PHP version 17.5 suffers from a persistent cross site scripting vulnerability.

Easy Transfer version 1.7 for iOS suffers from cross site scripting and directory traversal vulnerabilities.

ChemInv version 1 suffers from a persistent cross site scripting vulnerability.

Online Scheduling System version 1.0 suffers from a persistent cross site scripting vulnerability.

PHP-Fusion version 9.03.50 suffers from a persistent cross site scripting vulnerability.

osTicket version 1.14.1 suffers from a persistent cross site scripting vulnerability.

WordPress WooCommerce Advanced Order Export plugin version 3.1.3 suffers from a cross site scripting vulnerability.

Online Clothing Store version 1.0 suffers from a persistent cross site scripting vulnerability.

Sentrifugo CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

iChat version 1.6 suffers from a cross site scripting vulnerability.

OpenZ ERP version 3.6.60 suffers from a persistent cross site scripting vulnerability.

Draytek VigorAP suffers from a persistent cross site scripting vulnerability. Multiple different versions are affected.

Tiny MySQL suffers from a cross site scripting vulnerability.

WebTareas version 2.0p8 suffers from a cross site scripting vulnerability.

WordPress Dosimple theme version 2.0 suffers from a cross site scripting vulnerability.

Phrack: Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622.

CHIYU BF430 TCP IP Converter suffers from a persistent cross site scripting vulnerability.

Juniper Secure Access suffers from a cross site scripting vulnerability. SA Appliances running Juniper IVE OS 6.0 or higher are affected.

This is a list of older cross site scripting and bypass vulnerabilities associated with older Juniper IVE releases.

Juniper Secure Access software suffers from a reflective cross site scripting vulnerability.

Juniper JunOS version 9.x suffers from a html injection vulnerability that allows for cross site scripting attacks.

The Swift File Transfer mobile application for ios, blackberry and android suffers from cross site scripting and information disclosure vulnerabilities.

Create-Project Manager version 1.07 suffers from cross site scripting and html injection vulnerabilities.

LANCOM WLAN Controller suffers from multiple cross site scripting vulnerabilities. Multiple versions and firmware are affected.

The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

The vulnerability described in this document can be exploited by a malicious Web page to execute arbitrary code with low integrity. Active scripting must be enabled, and the present exploitation techniques require that font downloading be set to "Enable" or "Prompt" and that the "mailto:" protocol be present. (These requirements are satisfied by default on Windows XP, Windows Vista, and Windows 7.) The user is presented with a message box which must be dismissed before code execution can occur.

Open-Xchange OX App Suite suffers from a content spoofing, cross site scripting, and information disclosure vulnerabilities. Versions affected vary depending on the vulnerability.

Macs Framework version 1.14f suffers from cross site scripting and remote SQL injection vulnerabilities.

Project Open CMS version 5.0.3 suffers from cross site scripting and remote SQL injection vulnerabilities.

hits script version 1.0 suffers from a remote SQL injection vulnerability.

Teltonika RUT9XX routers with firmware before 00.05.01.1 are prone to cross site scripting vulnerabilities in hotspotlogin.cgi due to insufficient user input sanitization.

An exploitable cross-site scripting vulnerability exists in the ACEManager ping_result.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP ping request can cause reflected javascript code execution, resulting in the execution of javascript code running on the victim's browser. An attacker can get a victim to click a link, or embedded URL, that redirects to the reflected cross-site scripting vulnerability to trigger this vulnerability.

This Metasploit module exploits a vulnerability in Total.js CMS. The issue is that a user with admin permission can embed a malicious JavaScript payload in a widget, which is evaluated server side, and gain remote code execution.

China's coronavirus outbreak is having a seismic effect in Asia and beyond, writes Lawrence Yeo.

Sweden’s ambitious plan to drastically cut emissions from transport by bringing millions of electric cars onto the road could be derailed by a lack of power capacity for new charging stations in major cities.

Sweden’s ambitious plan to drastically cut emissions from transport by bringing millions of electric cars onto the road could be derailed by a lack of power capacity for new charging stations in major cities.

Sweden’s ambitious plan to drastically cut emissions from transport by bringing millions of electric cars onto the road could be derailed by a lack of power capacity for new charging stations in major cities.

Malwarebytes Researchers Say Attacks Appear Related to Magecart
Cybercriminals are hiding malicious JavaScript skimmers in the "favicon" icons of several ecommerce websites in an effort to steal payment card data from customers, researchers at Malwarebytes say.

Malwarebytes Researchers Say Attacks Appear Related to Magecart
Cybercriminals are hiding malicious JavaScript skimmers in the "favicon" icons of several ecommerce websites in an effort to steal payment card data from customers, researchers at Malwarebytes say.

Malwarebytes Researchers Say Attacks Appear Related to Magecart
Cybercriminals are hiding malicious JavaScript skimmers in the "favicon" icons of several ecommerce websites in an effort to steal payment card data from customers, researchers at Malwarebytes say.

Malwarebytes Researchers Say Attacks Appear Related to Magecart
Cybercriminals are hiding malicious JavaScript skimmers in the "favicon" icons of several ecommerce websites in an effort to steal payment card data from customers, researchers at Malwarebytes say.

The world needs to triple the energy it gets from renewables, nuclear reactors and power plants that use emissions-capture technology to avoid dangerous levels of global warming, United Nations scientists said.

Ukrainian officials say they’ve found a way to protect the nation from Russia: Go green.