3290 matches found
CVE-2017-17792
Cross-site scripting (XSS) vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...
CVE-2017-1549
IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289...
CVE-2017-1498
IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020...
Geovap Reliance SCADA XSS Vulnerability
Geovap Reliance SCADA is prone to a cross-site scripting (XSS) vulnerability.
Cross site scripting
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where...
CVE-2017-16819
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where...
Cross-site Scripting (XSS)
October CMS is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the brand logo image name, allowing a malicious user to inject and execute arbitrary JavaScript...
Elevation Of Privileges
Apache Cordova In-App-Browser is vulnerable to elevation of privileges through cross-site scripting (XSS) attacks. The callback identifiers are not correctly validated, which allows attackers to execute arbitrary JavaScript within the host page. Using this flaw, the attackers can use a gab-iab to ga...
Cross site scripting
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via webUI "Login Disclaimer" redir parameter...
CVE-2017-7733
A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via webUI "Login Disclaimer" redir parameter...
IBM Daeja ViewONE Cross-Site Scripting Vulnerability
IBM Daeja ViewONE is a document viewer from IBM that supports TIFF, PDF and Office-based documents. IBM Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are different versions...
Cross-site Scripting (XSS)
mistune is vulnerable to cross-site scripting (XSS) attacks. These attacks can be conducted by inserting an unexpected newline or by using an email address to execute arbitrary JavaScript...
IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33351)
IBM Rational Engineering Lifecycle Manager (RELM) is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...
CVE-2017-9537
Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters...
Cross-site Scripting (XSS)
WordPress is vulnerable to cross-site scripting (XSS) attacks. A malicious user can pass a javascript: or data: URL to the link modal to inject and execute arbitrary JavaScript...
CVE-2015-5181
The CVE-2015-5181 entry concerns Red Hat JBoss A-MQ/JBoss A-MQ Console. The issue is that the JBoss A-MQ console would accept a string containing JavaScript as the name of a new message queue, which leads to remote execution of JavaScript in the console UI. The vulnerability is described in Red H...
Cross-Site Scripting (XSS)
drupal/core is vulnerable to cross-site scripting (XSS) attacks. The library does not properly encode the label field in the CKEditor, allowing the malicious user to inject and execute arbitrary JavaScript through it...
Participants Database <= 1.7.5.9 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the WordPress Participants Database plugin 1.7.59 allows attackers to inject arbitrary JavaScript via the Name parameter. PoC curl -k -F action=signup -F subsource=participants-database -F shortcodepage=/?pageid=1 -F thankspage=/?pageid=1 -F instanceindex...
Cross-site Scripting (XSS)
automattic/jetpack is vulnerable to cross-site scripting (XSS) attacks. The library doesn't properly escape the $header parameter in the modules/shortcodes/wufoo.php file, allowing a malicious user to inject and execute arbitrary JavaScript...
CVE-2017-1444
IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110...