6892 matches found
Cross site scripting
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the application 'Cabinet'...
CVE-2019-5947
CVE-2019-5947 is an XSS vulnerability in Cybozu Garoon (versions 4.6.0–4.10.1) exploitable via the Cabinet component. The issue allows an authenticated remote attacker to inject arbitrary script/HTML, potentially leading to arbitrary script execution in a user’s browser. Public sources (NVD, Red ...
CVE-2019-5937
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote authenticated attackers to inject arbitrary web script or HTML via the user information...
CVE-2019-5938
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'...
CVE-2019-5939
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Portal'...
CVE-2019-5928
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function...
CVE-2018-16139
Cross-site scripting XSS vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to to bin/wxis.exe/bibliopac/...
CVE-2019-7411
Multiple stored cross-site scripting XSS in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: 1 Title, 2 Favicon, 3 Meta Description, 4 Subscribe Form Name field label, Last name field label, Email...
CVE-2019-7409
Multiple cross-site scripting XSS vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the 1 page, 2 gbs, 3 side, 4 id, 5 imgid, 6 cat, or 7 orderby parameter...
CVE-2019-7409
Multiple cross-site scripting XSS vulnerabilities in ProfileDesign CMS v6.0.2.5 allows remote attackers to inject arbitrary web script or HTML via the 1 page, 2 gbs, 3 side, 4 id, 5 imgid, 6 cat, or 7 orderby parameter...
CVE-2019-7411
Multiple stored cross-site scripting XSS in the MyThemeShop Launcher plugin 1.0.8 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via fields as follows: 1 Title, 2 Favicon, 3 Meta Description, 4 Subscribe Form Name field label, Last name field label, Email...
CVE-2019-11398
Multiple cross-site scripting XSS vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon...
CVE-2019-11398
Multiple cross-site scripting XSS vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon...
CVE-2019-11564
A cross-site scripting XSS vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request...
CVE-2019-8349
Multiple cross-site scripting XSS vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 destination parameter to delete feature; the 2 destination parameter to edit feature; 3 content parameter in the profile feature...
CVE-2019-8349
Multiple cross-site scripting XSS vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 destination parameter to delete feature; the 2 destination parameter to edit feature; 3 content parameter in the profile feature...
CVE-2019-8349
Multiple cross-site scripting XSS vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the 1 destination parameter to delete feature; the 2 destination parameter to edit feature; 3 content parameter in the profile feature...
Cross-Site Scripting (XSS)
Red Hat Satellite is vulnerable to cross-site scripting XSS. The vulnerability exists in the way spacewalk-java displays group names. This allows an attacker to inject arbitrary web script or HTML into the web page that is then displayed when viewing the snapshot data...
CVE-2019-11533
Cross-site scripting XSS vulnerability in ProjectSend before r1070 allows remote attackers to inject arbitrary web script or HTML...
CVE-2018-15582
Cross-Site Scripting XSS vulnerability in adm/smsadmin/numbookwrite.php and adm/smsadmin/numbookupdate.php in gnuboard5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML...