
3290 matches found

Symantec
added 2018/04/10 8:0 a.m., 50 views

SA162: Multiple ASG and ProxySG Vulnerabilities

SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to several vulnerabilities. A remote attacker, with access to the management console, can cause denial of service through management console application crashes. A malicious appliance administrator can also inject arbitrary...

CVSS 6 | AI score 1.4 | EPSS 0.0523
Exploits 2 | Affected Software 2

Prion
added 2018/04/04 7:29 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

CVSS 3.5 | AI score 5.4 | EPSS 0.02009
Exploits 5 | References 1 | Affected Software 1

CNVD
added 2018/03/21 12:0 a.m., 1 view

enhavo cross-site scripting vulnerability

enhavo is an open source content management system (CMS) written in PHP and based on the Symfony framework. A cross-site scripting vulnerability exists in enhavo version 0.4.0. A remote attacker can exploit this vulnerability to inject and execute arbitrary JavaScript code...

CVSS 4.8 | AI score 6.7 | EPSS 0.00637
Exploits 0 | References 1

Prion
added 2018/03/15 5:29 p.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

CVSS 4.3 | AI score 6 | EPSS 0.0563
Exploits 7 | References 5 | Affected Software 1

Github Security Blog
added 2018/03/13 8:38 p.m., 73 views

pym.js CSRF Vulnerability

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 8.8 | AI score 8.8 | EPSS 0.0104
Exploits 0 | References 6 | Affected Software 1

OSV
added 2018/03/13 8:38 p.m., 14 views

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 8.8 | AI score 9 | EPSS 0.0104
Exploits 0 | References 6

NVD
added 2018/03/13 3:29 p.m., 30 views

CVE-2018-1000086

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 8.8 | AI score 9 | EPSS 0.0104
Exploits 0 | References 3

Prion
added 2018/03/13 3:29 p.m., 10 views

Cross site request forgery (csrf)

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 6.8 | AI score 9 | EPSS 0.0104
Exploits 0 | References 3 | Affected Software 1

CNVD
added 2018/03/13 12:0 a.m., 2 views

Cross-Site Scripting Vulnerability in IBM WebSphere Portal

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

CVSS 5.4 | AI score 6.4 | EPSS 0.00968
Exploits 0 | References 1

CNVD
added 2018/03/08 12:0 a.m., 3 views

Polycom QDX 6000 Cross-Site Scripting Vulnerability

The Polycom QDX 6000 is a video conferencing endpoint device from Polycom. A cross-site scripting vulnerability exists in the Web application feature of Polycom QDX 6000 devices. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code in a user's web...

CVSS 6.1 | AI score 6.8 | EPSS 0.00647
Exploits 0 | References 1

CNVD
added 2018/03/07 12:0 a.m., 3 views

Voten.co Arbitrary Code Execution Vulnerability

Voten.co is an open source blogging community system. A security vulnerability exists in the resources/views/layouts/app.blade.php file in versions of Voten.co prior to 2017-08-25. An attacker can exploit the vulnerability to execute arbitrary JavaScript code when a user views the attacker's...

CVSS 6.1 | AI score 7.4 | EPSS 0.00928
Exploits 1 | References 1

Veracode
added 2018/03/06 2:33 a.m., 10 views

Cross-site Scripting (XSS)

mrk.js is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize URL links during markdown parsing, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits 0

OSV
added 2018/03/05 4:29 p.m., 1 view

CVE-2017-7427

Multiple cross-site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of the vulnerable application, via user.Context in the Object Selector,...

CVSS 6.1 | AI score 5.6
Exploits 0 | References 2

Prion
added 2018/03/05 4:29 p.m., 17 views

Cross site scripting

Multiple cross-site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of the vulnerable application, via user.Context in the Object Selector,...

CVSS 4.3 | AI score 6.4 | EPSS 0.008
Exploits 0 | References 2 | Affected Software 1

CVE
added 2018/03/05 4:0 p.m., 50 views

CVE-2017-7427

CVE-2017-7427 affects Micro Focus Identity Manager/iManager Plug-in (version 2.7.7.7 and prior to 4.6.1). The vulnerability is a family of multiple cross-site scripting (XSS) flaws that allow an attacker to execute arbitrary JavaScript in the context of the vulnerable application. Exploitation pa...

CVSS 6.1 | AI score 6.1 | EPSS 0.008
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2018/03/01 12:0 a.m., 2 views

IBM Daeja ViewONE Virtual Cross-Site Scripting Vulnerability

IBM Daeja ViewONE Virtual is a document viewer from IBM USA that supports viewing of TIFF, PDF and Office-based documents. A cross-site scripting vulnerability exists in IBM Daeja ViewONE Virtual. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

CVSS 5.4 | AI score 6.4 | EPSS 0.00968
Exploits 0 | References 1

NVD
added 2018/02/22 7:29 p.m., 22 views

CVE-2018-1415

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821...

CVSS 5.4 | AI score 5.2 | EPSS 0.00758
Exploits 0 | References 3

Prion
added 2018/02/07 5:29 a.m., 14 views

Design/Logic Flaw

Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...

CVSS 4.3 | AI score 6.3 | EPSS 0.01206
Exploits 1 | References 2 | Affected Software 1

OSV
added 2018/02/02 3:29 p.m., 1 view

DEBIAN-CVE-2017-18121

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser...

CVSS 6.1 | AI score 8.8 | EPSS 0.01223
Exploits 0 | References 1

OpenVAS
added 2018/01/31 12:0 a.m., 21 views

Joomla 'Chromes' module XSS Vulnerability

Joomla is prone to a cross-site scripting (XSS) vulnerability.

CVSS 6.1 | AI score 7.1 | EPSS 0.02031
Exploits 0 | References 1