ILIAS Cross-Site Scripting Vulnerability (CNVD-2018-03162)

ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, and live chat. A cross-site scripting vulnerability exists in ILIAS. A remote attacker can exploit this vulnerability by sending a 'cmd' parameter to the...

Cross site scripting

Cross-site scripting XSS vulnerability in IBM Security Identity Manager ISIM Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 111737...

StivaSoft PHPJabbers PHP Newsletter Script Cross-Site Scripting Vulnerability

StivaSoft PHPJabbers PHP Newsletter Script is a set of news system scripts from the Bulgarian company StivaSoft. admin panel is one of the administration panels. A cross-site scripting vulnerability exists in the lists of the admin panel of StivaSoft PHPJabbers PHP Newsletter Script. A remote...

Adobe ColdFusion Help Page Cross Site Scripting Vulnerability

Adobe ColdFusion is prone to a cross site scripting vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the 1 cpupdateMessageItem and 2 cpdeleteMessageItem functions in cppppadminintmessagelist.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal...

Micro Focus Operations Manager i Cross-Site Scripting Vulnerability

Micro Focus Operations Manager I is a suite of common event correlation software for all IT disciplines from Micro Focus UK. The software collaborates on IT event management and automated monitoring through a single management interface that correlates fault and performance data from local and...

CVE-2017-12630

CVE-2017-12630 affects Apache Drill 1.11.0 and earlier. The vulnerability is a cross-site scripting issue where submitting a form from the Query page allows an attacker to inject arbitrary script/HTML, which can then execute on the Profile page and potentially expose cookie information. The conne...

CVE-2017-10886

Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 and earlier excluding v2 and v3, CS-Cart Multivendor Japanese Edition v4.3.10 and earlier excluding v2 and v3 allows an attacker to inject arbitrary web script or HTML via unspecified vectors...

phpMyFAQ 2.9.8 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...

ZCMS JavaServer Pages Content Management System Cross-Site Scripting Vulnerability

ZCMS JavaServer Pages Content Management System is a page content management system . A cross-site scripting vulnerability exists in ZCMS JavaServer Pages Content Management System version 1.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

EyesOfNetwork Cross-Site Scripting Vulnerability

EyesOfNetwork EON is an open source, free IT monitoring solution. The solution provides business process configuration tools, generating pop-up windows when events occur in the active queue, etc. EyesOfNetwork web interface aka eonweb is one of the web interfaces. A cross-site scripting...

CVE-2014-8492

Multiple cross-site scripting XSS vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 sitename, 2 message, or 3 siteurl parameter...

CVE-2017-10701

Cross site scripting XSS vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516...

Cross-site Scripting

dolibarr is vulnerable to cross-site scripting attacks. The attack exists because it does not correctly filter the "url" field through the external calendar or 2 the bank name field in the "import external calendar" page, allowing the attacker to inject arbitrary script through them...

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-34852)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability in oEmbed Discovery. A remote attacker can exploit this...

Kaltura Cross-Site Scripting Vulnerability

Kaltura is a set of open source online video platform from Kaltura, Inc. in the United States. A cross-site scripting vulnerability exists in versions of Kaltura prior to 13.2.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

Wordpress plugin image-gallery-with-slideshow cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Wordpress plugin image-gallery-with-slideshow cross-site scripting vulnerability. A remote attacker can exploit this...

WordPress Shibboleth Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed using the PHP language, which supports the hosting of personal blog sites on servers running PHP and MySQL.The Shibboleth plugin is one of the plugins used to integrate Wordpress sites into existing identity...

Concrete5 cross-site scripting vulnerability (CNVD-2017-32458)

concrete5 is a free content management system CMS. The system can be edited and typeset directly on the page. A cross-site scripting vulnerability exists in concrete5 version 5.7.3.1, which stems from the program failing to validate or encrypt user-submitted input. A remote attacker can exploit...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpThumb before 1.7.14 allow remote attackers to inject arbitrary web script or HTML via parameters in demo/phpThumb.demo.showpic.php...