Lucene search

670 matches found

Prion
added 2013/09/19 10:27 a.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple iOS before 7 allow user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) drag-and-drop or (2) copy-and-paste operation...

4.3 CVSS | 5.4 AI score | 0.0032 EPSS
Exploits 0 | References 5 | Affected Software 1
NVD
added 2013/09/16 6:24 p.m. | 9 views

CVE-2013-4047

Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link...

4.3 CVSS | 5.5 AI score | 0.00236 EPSS
Exploits 0 | References 2
Prion
added 2013/08/29 12:07 p.m. | 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in (1) new or (2) draft mode, related to compose.inc; and (3) might allow remote authenticated users to injec...

4.3 CVSS | 5.7 AI score | 0.00305 EPSS
Exploits 2 | References 5 | Affected Software 1
Cvelist
added 2013/08/27 1:00 a.m. | 20 views

CVE-2013-0595

Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in IBM Lotus Domino 8.5 before 8.5.3 FP5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka SPR PTHN95XNR3...

5.7 AI score | 0.00266 EPSS
Exploits 0 | References 3
Prion
added 2013/08/21 9:55 p.m. | 14 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS | 5.4 AI score | 0.00162 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2013/08/19 11:00 p.m. | 24 views

CVE-2013-2136

Multiple cross-site scripting (XSS) vulnerabilities in Apache CloudStack before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Physical network name to the Zone wizard; (2) New network name, (3) instance name, or (4) group to the Instance wizard; (5) unspecified "multi-edit...

5.8 AI score | 0.06724 EPSS
Exploits 1 | References 11
Snyk
added 2013/06/24 9:00 p.m. | 2 views

Arbitrary Script Injection

Overview: AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast pat...

8.1 CVSS | 7.4 AI score
Exploits 0 | References 2
Snyk
added 2013/06/24 9:00 p.m. | 2 views

Arbitrary Script Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse. Remediation: Upgrade angularjs to version 1.1.5 or higher...

8.1 CVSS | 7.3 AI score
Exploits 0 | References 2
RubySec
added 2013/05/17 12:00 a.m. | 17 views

Show In Browser Gem for Ruby /tmp/browser.html Arbitrary Script Injection

Show In Browser Gem for Ruby contains a flaw that is triggered when the application does not validate input passed via the /tmp/browser.html file. This may allow a local attacker to create a specially crafted request that would execute arbitrary script code in a user's browser...

3.3 CVSS | 6.7 AI score | 0.00117 EPSS
Exploits 1 | References 1
Prion
added 2013/03/27 9:55 p.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (ogmanagerchange) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web script or HTML via the username in the new manager autocomplete field...

4.3 CVSS | 6.2 AI score | 0.00285 EPSS
Exploits 0 | References 4 | Affected Software 1
Packet Storm
added 2013/03/11 12:00 a.m. | 50 views

TinyMCE 3.5.8 Cross Site Scripting

Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Description of Vulnerability: "TinyMCE in itself can not be insecure" http://www.tinymce.com/wiki.php/Security "TinyMCE is a platform independent web based Javascript HTML WYSIWYG...

4.3 CVSS | 7.5 AI score | 0.0058 EPSS
Exploits 2
Prion
added 2013/01/24 1:55 a.m. | 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php...

4.3 CVSS | 6.2 AI score | 0.04745 EPSS
Exploits 1 | References 9 | Affected Software 1
Cvelist
added 2013/01/24 1:00 a.m. | 19 views

CVE-2012-6511

Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) deleteid parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php...

5.9 AI score | 0.00318 EPSS
Exploits 1 | References 4
exploitpack
added 2012/11/07 12:00 a.m. | 19 views

Cryptocat 2.0.22 - Arbitrary Script Injection

Cryptocat 2.0.22 - Arbitrary Script Injection source: https://www.securityfocus.com/bid/61093/info Cryptocat is prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code withi...

7.7 AI score
Exploits 0
Exploit DB
added 2012/11/07 12:00 a.m. | 20 views

Cryptocat 2.0.22 - Arbitrary Script Injection

source: https://www.securityfocus.com/bid/61093/info Cryptocat is prone to an arbitrary script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code within the context of the application. Versions pri...

7.4 AI score
Exploits 0
Drupal
added 2012/10/03 12:00 a.m. | 25 views

SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS)

Hostip enables you to query the http://www.hostip.info/ API to get the country / state information based on the user's IP address or a specific IP passed to it. The module fails to sanitize data retrieved from an untrusted third party source, thereby exposing an arbitrary script injection...

4.3 CVSS | 6.4 AI score | 0.00285 EPSS
Exploits 0 | References 9
NVD
added 2012/10/01 8:55 p.m. | 9 views

CVE-2012-5226

Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATHINFO to index.php...

4.3 CVSS | 5.8 AI score | 0.00596 EPSS
Exploits 1 | References 3
NVD
added 2012/09/20 10:55 a.m. | 7 views

CVE-2011-5177

Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page...

4.3 CVSS | 5.8 AI score | 0.00596 EPSS
Exploits 1 | References 3
Drupal
added 2012/09/19 12:00 a.m. | 13 views

SA-CONTRIB-2012-143 PRH Search - Cross Site Scripting (XSS)

PRH Search provides an interface to search for association information for Finnish association using the PRH (Patentti- ja Rekisterihallitus) database. The module fails to sanitize data retrieved from an untrusted third party source, thereby exposing an arbitrary script injection vulnerability (XSS)...

7.1 AI score
Exploits 0 | References 9
Drupal
added 2012/09/19 12:00 a.m. | 17 views

SA-CONTRIB-2012-144 Fonecta verify - Cross Site Scripting (XSS)

Fonecta verify provides an interface to retrieve information from the Finnish Fonecta company information database. The module contains an arbitrary script injection vulnerability (XSS) due to the fact that it fails to sanitize data retrieved from an untrusted third party source. This vulnerability...

4.3 CVSS | 6.2 AI score | 0.00285 EPSS
Exploits 0 | References 9