CVE-2016-6333

Cross-site scripting XSS vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css...

CVE-2016-4870

CVE-2016-4870 is a cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0, exploitable via the Schedule function by a remote, authenticated attacker who can inject script or HTML into the victim’s browser. Affected product: Cybozu Office versions 9.0.0–10.4.0. Root cause: improper ha...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the IVYWE 1 Assist plugin before 1.1.2.test20160906, 2 dataBox plugin before 0.0.0.20160906, and 3 userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the label parameter to admin/BunchDetail.do; 2 the packagename, 3 searchsubscribedchannels, or 4 channelfilter parameter to software/packages/NameOverview.d...

CVE-2015-7565

Cross-site scripting XSS vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML...

CVE-2016-2104

This CVE relates to multiple XSS vulnerabilities in Red Hat Satellite 5 (Spacewalk) where an attacker can inject arbitrary script/HTML via parameters such as label, package_name, search_subscribed_channels, channel_filter, or vectors like input:hidden /bean:message . The issue is documented acros...

CVE-2015-8864

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 label value of an item or 2 name of a role...

CVE-2015-7562

Multiple cross-site scripting XSS vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 label value of an item or 2 name of a role...

CVE-2017-7271

Reflected Cross-site scripting XSS vulnerability in Yii Framework before 2.0.11, when development mode is used, allows remote attackers to inject arbitrary web script or HTML via crafted request data that is mishandled on the debug-mode exception screen...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager HDM before 4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 deviceTypeID parameter to DeviceType/getDeviceType.do; the 2 policyActionClass or 3...

CVE-2015-8622

Cross-site scripting XSS vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to...

CVE-2017-7215

Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML...

Ganglia Web < 3.5.11 XSS Vulnerability

Ganglia Web is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross site scripting

Cross-site scripting XSS vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the WAD1 parameter to Forms/oadmin1...

CVE-2017-5938

Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...

CVE-2017-5584

Cross-site scripting XSS vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting vulnerability in Intel Security McAfee Endpoint Security ENS Web Control before 10.2.0.408.10 allows attackers to inject arbitrary web script or HTML via a crafted web site...

Cross site scripting

Cross-site scripting XSS vulnerability in attributes in Intel Security VirusScan Enterprise Linux VSEL 2.0.3 and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML via a crafted user input...