CVE-2018-12588

Cross-site scripting XSS vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project PKP Open Monograph Press OMP v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter aka the Searc...

TippingPoint Web Interface Reverse DNS Lookup Cross Site Scripting - Ver2

A cross-site scripting vulnerability exists in TippingPoint. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...

Security Bulletin: A security vulnerability has been identified in InfoSphere Data Architect (IDA) that allows remote attackers to inject arbitrary web script or HTML via a crafted URL. (CVE-2015-7439)

Summary A Cross-site scripting XSS vulnerability has been identified in InfoSphere Data Architect IDA, as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software RSA4WS 8.5 through 9.5, and Rational Software Architect RealTime RSART 8.5...

Canon PrintMe / EFI XSS Vulnerability

Canon PrintMe / EFI software is prone to a cross-site scripting XSS vulnerability. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

Cross site scripting

DISPUTED Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool th...

CVE-2018-12040

Reflected Cross-site scripting XSS vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an profiler/open?file= URI. NOTE: The vendor states "The XSS ... is in the web profiler, a tool that should...

CVE-2018-12229

Cross-site scripting XSS vulnerability in Public Knowledge Project PKP Open Journal System OJS 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter aka the By Author field...

CVE-2018-12111

Cross-site scripting XSS vulnerability in the Canon PrintMe EFI webinterface allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the /wt3/mydocs.php URI...

Cross site scripting

Cross-site scripting XSS vulnerability in news.php in Dimofinf CMS Version 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name...

CVE-2018-8923

Cross-site scripting XSS vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments...

Cross site scripting

Cross-site scripting XSS vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html...

CVE-2018-11581

Cross-site scripting XSS vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html...

CVE-2018-8921

Cross-site scripting XSS vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name...

CVE-2018-11027

A reflected XSS vulnerability on Ruckus ICX7450-48 devices allows remote attackers to inject arbitrary web script or HTML...

Clipper CMS 1.3.3 Cross Site Scripting

Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field Date: 05/27/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://www.clippercms.com/ Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper1.3.3 Version: 1.3.3 Tested on:...

CVE-2018-11093

Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

Cross site scripting

Cross-site scripting XSS vulnerability in the Link package for CKEditor 5 before 10.0.1 allows remote attackers to inject arbitrary web script through a crafted href attribute of a link A element...

CVE-2018-11208

An issue was discovered in Z-BlogPHP 2.0.0. There is a persistent XSS that allows remote attackers to inject arbitrary web script or HTML into background web site settings via the "copyright information office" field. NOTE: the vendor indicates that the product was not intended to block this type...

CVE-2018-0585

Cross-site scripting vulnerability in Ultimate Member plugin prior to version 2.0.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...