3221 matches found
CVE-2018-1848
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-For...
Cross-Site Scripting (XSS)
Dnn.Platform is vulnerable to cross-site scripting. A lack of sanitization in the redirect URL as displayed on the redirect page allows remote attackers to inject arbitrary Javascript into a victim's browser to steal session cookies or perform unwanted actions on behalf of the user...
Design/Logic Flaw
Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with node --debug or node debug, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate...
Xiaomi Mi Router 3 Cross-Site Scripting Vulnerability
Xiaomi Mi Router 3 is a wireless router product from Chinese company Xiaomi. A cross-site scripting vulnerability exists in the API 404 page in Xiaomi Mi Router 3 version 2.22.15. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code via a modified URL path...
CVE-2018-13022
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...
Cross site scripting
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path...
CVE-2018-13312
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...
CVE-2018-13309
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
Cross site scripting
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
CVE-2018-13308
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...
Cross site scripting
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...
CVE-2018-13312
Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...
Cross site scripting
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...
CVE-2018-13310
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...
CVE-2018-13309
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
Cross-Site Scripting (XSS)
Dojo Toolkit is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of a user...
Cross-Site Scripting (XSS)
flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser by via the callback parameter using URL encoding. This vulnerability exists due to an incomplete fix for CVE-2013-7342...
Cross-site Scripting (XSS)
graylog-web-interface is vulnerable to a cross-site scripting XSS attack. The library does not properly escape the text in the Dashboard, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-Site Scripting (XSS)
DotNetNuke.Web is vulnerable to cross-site scripting. The Telerik HTML editor allows remote attackers to inject arbitrary Javascript into a victim's browser to steal session cookies and perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via a crafted URL containing text that is used within a modal popup...