3221 matches found

Prion
added 2018/11/06 7:29 p.m., 17 views

Cross site scripting

A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript...

CVSS 4.3, AI score 6.4, EPSS 0.00224
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/11/06 7:29 p.m., 8 views

CVE-2018-16474

A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript...

CVSS 6.1, AI score 6.5, EPSS 0.00224
Exploits: 1, References: 1

Cvelist
added 2018/11/06 7:0 p.m., 11 views

CVE-2018-16474

A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary JavaScript...

AI score 6.4, EPSS 0.00224
Exploits: 1, References: 1

CVE
added 2018/11/06 7:0 p.m., 53 views

CVE-2018-16474

CVE-2018-16474 concerns the Node.js module tianma-static. Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...

CVSS 6.1, AI score 6.3, EPSS 0.00224
Exploits: 1, References: 1, Affected Software: 1

NVD
added 2018/11/01 5:29 p.m., 5 views

CVE-2018-6906

A persistent Cross Site Scripting XSS vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...

CVSS 6.1, AI score 6, EPSS 0.0024
Exploits: 1, References: 1

Veracode
added 2018/10/25 3:6 a.m., 6 views

Cross-Site Scripting (XSS)

resque is vulnerable to cross-site scripting. User input is not HTML encoded in lib/resque/server/views/queues.erb before displaying on a user's browser, which would allow remote attackers to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions o...

AI score 6.4
Exploits: 0

Veracode
added 2018/10/15 5:38 a.m., 13 views

Cross-Site Scripting (XSS)

camaleoncms is vulnerable to cross-site scripting. Files uploaded via the media uploader are not validated. This allows a remote attacker to inject arbitrary Javascript into a victim's browser via the filename parameter...

CVSS 6.1, AI score 6, EPSS 0.00211
Exploits: 2, References: 2, Affected Software: 1

Prion
added 2018/10/11 12:29 p.m., 11 views

Cross site scripting

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341...

CVSS 3.5, AI score 5.1, EPSS 0.00111
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2018/10/08 12:0 a.m., 2 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2018-20672)

IBM Rational Collaborative Lifecycle Management CLM and so on are the products of IBM Corporation in the U.S.A. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions. Rational IBM Rational Collaborative Lifecycle Management CLM is a collaborative...

AI score 5.5
Exploits: 0, References: 1

Hacker One
added 2018/10/07 11:37 p.m., 16 views

Shopify: H1514 Stored XSS in Return Magic App portal content

Summary: Stored XSS vulnerability was found in return magic app portal content which executes in the application domain in https://services.alveo.io/dashboard-shopify/settings/portal/content Description: It's been found that Return Magic app allows users to add HTML content to their return portal...

AI score 0.6
Exploits: 0

OSV
added 2018/10/02 3:29 p.m., 1 views

CVE-2018-1691

IBM Rational Quality Manager RQM 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4, AI score 5.4
Exploits: 0, References: 2

ATTACKERKB
added 2018/09/28 8:29 p.m., 3 views

CVE-2018-9079

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...

CVSS 9.8, AI score 5.9, EPSS 0.00515
Exploits: 0, References: 2, Affected Software: 3

OSV
added 2018/09/27 7:29 p.m., 0 views

CVE-2018-1660

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 1448...

CVSS 5.4, AI score 5.4
Exploits: 0, References: 4

OSV
added 2018/09/27 7:29 p.m., 1 views

CVE-2018-1716

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1471...

CVSS 6.1, AI score 5.4
Exploits: 0, References: 3

OSV
added 2018/09/27 7:29 p.m., 1 views

CVE-2018-1820

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096...

CVSS 5.4, AI score 5.4, EPSS 0.00237
Exploits: 0, References: 3

OSV
added 2018/09/25 3:29 p.m., 1 views

CVE-2018-1560

IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 5.4, AI score 5.4
Exploits: 0, References: 2

Cvelist
added 2018/09/24 11:0 p.m., 13 views

CVE-2018-10497

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...

AI score 7.7, EPSS 0.00056
Exploits: 0, References: 1

CNVD
added 2018/09/06 12:0 a.m., 3 views

BTITeam XBTIT cross-site scripting vulnerability (CNVD-2019-28274)

XBTIT is an open source tracking software. A reflective cross-site scripting vulnerability exists in the 'keywords' parameter in the search function in /index.php?page=forums&action=search in BTITeam XBTIT 2.5.4. The vulnerability can be exploited to execute arbitrary JavaScript code in a user's...

CVSS 6.1, AI score 6.2, EPSS 0.0024
Exploits: 1, References: 1

Veracode
added 2018/09/03 5:35 a.m., 15 views

Cross-site Scripting (XSS)

github.com/portainer/portainer is vulnerable to cross-site scripting XSS attacks. The library does not use HTTP Secure Headers, allowing a malicious user to inject and execute arbitrary Javascript through the Team Name field...

CVSS 5.4, AI score 5.5, EPSS 0.00168
Exploits: 0, References: 1, Affected Software: 1

Veracode
added 2018/09/03 5:13 a.m., 11 views

Cross-site Scripting (XSS)

editor.md is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the user input before rendering the markdown, allowing a malicious user to inject and execute arbitrary Javascript through the editor...

CVSS 6.1, AI score 6, EPSS 0.00328
Exploits: 1, References: 1, Affected Software: 1