Multiple Dell SonicWALL Products '/sgms/mainPage' Page Cross Site Scripting Vulnerability

Cross-site scripting XSS vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to inject arbitrary web script or HTML via the nodeid parameter in a ScreenDisplayManager genNetwork...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 whereCriteria variable in a software channels search; 2 endyear, 3 starthour, 4 endampm, 5 endday, 6 endhour, 7 endminute, 8...

CVE-2012-6149

CVE-2012-6149 describes multiple XSS vulnerabilities in Spacewalk/RHN Satellite 5.6 via notes.jsp (subject/content) that allow an authenticated or remote attacker to inject scripts in the notes system.addNote XML-RPC flow. Connected sources identify Spacewalk 5.6 as affected and describe the root...

CVE-2013-4415

Multiple cross-site scripting XSS vulnerabilities in Spacewalk and Red Hat Network RHN Satellite 5.6 allow remote attackers to inject arbitrary web script or HTML via the 1 whereCriteria variable in a software channels search; 2 endyear, 3 starthour, 4 endampm, 5 endday, 6 endhour, 7 endminute, 8...

Cross site scripting

Cross-site scripting XSS vulnerability in the IP Manager Assistant IPMA interface in Cisco Unified Communications Manager UCM allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCum05343...

Cross site scripting

Cross-site scripting XSS vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

CVE-2013-6229

Multiple cross-site scripting XSS vulnerabilities in Atmail Webmail Server 7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 filter parameter to index.php/mail/mail/listfoldermessages/searching/true/selectFolder/INBOX/resultContext/searchResultsTab5 or 2 mailId paramet...

CVE-2013-1413

Multiple cross-site scripting XSS vulnerabilities in synetics i-doit open 0.9.9-7, i-doit pro 1.0 and earlier, and i-doit pro 1.0.2 when the 'sanitize user input' flag is not enabled, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2013-2639

Cross-site scripting XSS vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder...

Cross site scripting

Cross-site scripting XSS vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter...

CVE-2014-1869

Multiple cross-site scripting XSS vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2, as maintained by Jon Rohan and James M. Greene, allow remote attackers to inject arbitrary web script or HTML via vectors related to certain SWF query parameters aka loaderInfo.parameters...

CVE-2014-1914

Multiple cross-site scripting XSS vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the 1 topic parameter to sw/addtopic.php or 2 nick parameter to sw/chat/message.php...

Red Hat JBoss Enterprise Application Platform 6.1.0 Security Update (RHSA-2013:1843)

The version of JBoss Enterprise Application Platform running on the remote system is affected by multiple cross-site scripting flaws in the GateIn Portal component. This could allow a remote attacker to manipulate a logged in user into visiting a specially crafted URL, thereby executing an...

WordPress BuddyPress Plugin <= 1.9.1 - XSS

Because of this vulnerability, authenticated users can inject arbitrary web script or HTML via the name field to groups/create/step/group-details. Solution Update the plugin...

Cross site scripting

Cross-site scripting XSS vulnerability in D-Link DAP-2253 Access Point Rev. A1 with firmware before 1.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field...

CVE-2011-3344

A flaw was found in Spacewalk. A remote attacker can exploit a cross-site scripting XSS vulnerability in the Lookup Login/Password form by injecting arbitrary web script or HTML via the URI. This can lead to information disclosure or unauthorized actions within the user's browser session...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allow remote attackers to inject arbitrary web script or HTML via vectors related to Search forms...

Cross site scripting

Cross-site scripting XSS vulnerability in the Lookup Login/Password form in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allows remote attackers to inject arbitrary web script or HTML via the URI...