CVE-2017-14370
RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored cross-site scripting via the Source Asset ID field. An authenticated attacker may potentially exploit this to execute arbitrary HTML in the user's browser session in the context of the affected RSA Archer application...
CVE-2017-14588
Various resources in Atlassian Fisheye and Crucible before version 4.4.2 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the dialog parameter...
CVE-2017-1000103
The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view...
Cross site scripting
The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert...
CVE-2015-7391
Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selectedenddate or (2) selectedstartdate parameter to lib/results/tcCreatedPerUserOnTestProject.php; the (3) containerType parameter to...
Rocket.Chat Cross-Site Scripting Vulnerability
Rocket.Chat is an open source web chat server built in JavaScript using the Meteor full-stack framework. A cross-site scripting vulnerability exists in the markdown link parsing code used for messages in Rocket.Chat. A remote attacker can exploit this vulnerability to inject...
Cross site scripting
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket...
Cross site scripting
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...
CVE-2017-8005
The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...
Various XSS through a repository or review filename - CVE-2017-9508
Various resources in Atlassian FishEye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability through the name of a repository or review file...
Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2017-15995)
Microsoft Exchange Server is a set of e-mail service programs from Microsoft, which provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. A cross-site scripting vulnerability exists in Microsoft Exchange Server that stems from Microsoft Exchange Outlook Web Acce...
Multiple Cross-Site Scripting Vulnerabilities in Schneider Electric Pelco Sarix/Spectra Cameras
Pelco Sarix/Spectra Cameras is a camera offered by Pelco. Schneider Electric Pelco Sarix/Spectra Cameras has multiple cross-site scripting vulnerabilities that can be exploited by attackers to execute arbitrary HTML and script code...
Cross site scripting
A cross-site scripting (XSS) vulnerability exists in CheckMK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the username parameter when attempting authentication to webapi.py, which is returned unencoded with content type...
WordPress Download Manager 2.9.46 / 2.9.51 Cross Site Scripting
Details ================ Software: WordPress Download Manager Version: 2.9.46,2.9.51 Homepage: https://wordpress.org/plugins/download-manager/ Advisory report: https://security.dxw.com/advisories/xss-download-manager/ CVE: Awaiting assignment CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Descripti...
WordPress Download Manager 2.9.46 / 2.9.51 Cross Site Scripting Vulnerability
WordPress Download Manager plugin versions 2.9.46 and 2.9.51 suffer from a cross site scripting vulnerability. Details ================ Software: WordPress Download Manager Version: 2.9.46,2.9.51 Homepage: https://wordpress.org/plugins/download-manager/ Advisory report:...
WordPress WP-Members Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress WP-Members plugin version 3.1.8. A remote attacker c...
HTML Injection Vulnerability in Multiple EMC Products
EMC is a U.S. information storage and information technology company. EMC RSA Identity Management and Governance is an enterprise-class identity management solution. An HTML injection vulnerability exists in multiple EMC products. A remote attacker with low privileges could exploit the vulnerability t...
Cross-Site Scripting Vulnerability in Multiple EMC RSA Products
EMC is a U.S. information storage and information technology company. EMC RSA Identity Management and Governance is an enterprise-class identity management solution. A cross-site scripting vulnerability exists in multiple EMC products. A remote attacker could exploit the vulnerability to execute...
CVE-2017-2169
Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...