CVE-2015-7980

Cross-site scripting XSS vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "embedding a JavaScript library from an external source that was not reliable."...

CVE-2017-14983

Cross-site scripting XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/adminconf/index.php...

Cross-site Scripting (XSS)

phpMyFAQ is vulnerable to cross-site scripting XSS attacks. The library does not escape the Title of your FAQ field in the Configuration module, allowing a malicious user to inject and execute arbitrary web script...

Cross site scripting

Cross site scripting XSS vulnerability in SAP Enterprise Portal 7.50 allows remote attackers to inject arbitrary web script or HTML, aka SAP Security Notes 2469860, 2471209, and 2488516...

CVE-2017-14622

Multiple cross-site scripting XSS vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 page parameter or 2 kbAction parameter in the kbAmz page to wp-admin/admin.php...

Cross site scripting

Cross-site scripting XSS vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 page parameter or 2 kbAction parameter in the kbAmz page to wp-admin/admin.php...

Cross site scripting

Cross-site scripting XSS vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter...

WordPress Visual Editor Cross Site Scripting

A cross-site scripting vulnerability exists in WordPress Visual Editor. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVE-2017-14622

Multiple cross-site scripting XSS vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 page parameter or 2 kbAction parameter in the kbAmz page to wp-admin/admin.php...

CVE-2015-5613

Cross-site scripting XSS vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerability than CVE-2015-5612...

CVE-2017-14753

Cross-site scripting XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/modulefilters/index.php...

CVE-2017-14753

Cross-site scripting XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/modulefilters/index.php...

CVE-2015-7391

Multiple cross-site scripting XSS vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the 1 selectedenddate or 2 selectedstartdate parameter to lib/results/tcCreatedPerUserOnTestProject.php; the 3 containerType parameter to...

Cross-site Scripting (XSS)

genix/cms is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the id field in inc/lib/Control/Backend/menus.control.php, allowing a malicious user to inject and execute arbitrary web script...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...

CVE-2017-14321

Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...

CVE-2017-14321

Multiple cross-site scripting XSS vulnerabilities in the administrative interface in Mirasvit Helpdesk MX before 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the 1 customer name or 2 subject in a ticket...

PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)

PHPMyFAQ 2.9.8 - Cross-Site Scripting 1 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...

phpMyFAQ 2.9.8 Cross Site Scripting

Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince Category: webapps CVE: CVE-2017-1461...