3221 matches found
Cross-Site Scripting (XSS)
snipe/snipe-it is vulnerable to cross-site scripting (XSS). User input is not escaped before being displayed in a user's browser, allowing remote attackers to inject arbitrary JavaScript into a victim's browser via logmeta values and the user's last name in the API...
CVE-2019-1571
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings...
CVE-2019-1569
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user...
CVE-2019-1570
The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings...
Cross-Site Scripting (XSS)
kibana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
Cross Site Scripting (XSS)
Liferay Portal is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the ppid parameter in the Plugins Configuration section of the Control Panel...
Cross-Site Scripting (XSS)
Red Hat JBoss Operations Network is vulnerable to cross-site scripting (XSS). Lack of input validation in the Administration Interface allows remote attackers to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
Cross-site Scripting (XSS)
Westwind.Utilities is vulnerable to cross-site scripting XSS. The vulnerability exists due to lack of validation when the single quote character ' is escaped as such ', allowing a remote attacker to inject arbitrary Javascript into a victim's browser...
Cross-Site Request Forgery (CSRF)
WordPress is vulnerable to cross-site request forgery (CSRF). The vulnerability exists because it does not have any CSRF protections in place to prevent forged requests when posting comments. Moreover, a lack of comment content filtering when an administrative user posts a comment allows a remote attack...
Cross-Site Scripting (XSS)
contao/core-bundle is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the system logs, which would be executed in the context of the user's browser when the user loads the logs...
Cross-Site Scripting (XSS)
contao/core is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the email parameter in the Newsletter module...
Cross site scripting
Pivotal Operations Manager, 2.1.x versions prior to 2.1.20, 2.2.x versions prior to 2.2.16, 2.3.x versions prior to 2.3.10, 2.4.x versions prior to 2.4.3, contains a reflected cross site scripting vulnerability. A remote user that is able to convince an Operations Manager user to interact with...
Apache Airflow vulnerable to Stored XSS
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views...
Cross-Site Scripting (XSS)
github.com/grafana/grafana is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript through the content, url and name parameters under the Dashboard settings. This CVE ID is different from CVE-2018-18624 and CVE-2018-18625...
Cross-Site Scripting (XSS)
bolt/bolt is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the title and slug parameters in a POST request to /bolt/editcontent/pages...
PT-2019-16845 · Ibm · Ibm Sterling B2B Integrator
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 5.2.0.1 through 6.0.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
PT-2019-16847 · Ibm · Ibm Sterling B2B Integrator
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator versions 5.2.0.1 through 6.0.0.0 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
Cross site scripting
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum...