In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0 version via the /AssetDef.do ciName or assetName parameter.
>> CATEGORY: exploit
A cross site scripting vulnerability has been discovered in the AIR5342 modem of the AirTies manufacturer. AirTies Air 5750 devices have XSS via the top.html productboardtype parameter.
A cross site scripting vulnerability has been discovered in the AIR5650 modem of the AirTies manufacturer. AirTies Air 5650 devices have XSS via the top.html productboardtype parameter.
A cross site scripting vulnerability has been discovered in the AIR5750 modem of the AirTies manufacturer. AirTies Air 5750 devices have XSS via the top.html productboardtype parameter.
gVisor reuses pagetables across levels without paging-structure invalidation.
WordPress Breadcrumb NavXT plugin version 6.1.0 suffers from a username disclosure vulnerability.
WordPress WebARX Website Firewall plugin version 4.9.8 suffers from bypass and cross site scripting vulnerabilities.
Microsoft Edge suffers from a sandbox escape vulnerability.
iWay Data Quality Suite Web Console version 10.6.1.ga suffers from an XML external entity injection vulnerability.
ManageEngine Desktop Central version 10.0.271 suffers from a cross site scripting vulnerability.