
3221 matches found

NVD
added 2018/03/13 3:29 p.m. | 10 views

CVE-2018-1000086

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appears to be...

CVSS 8.8 | AI score 9 | EPSS 0.00296
Exploits: 0 | References: 3
Prion
added 2018/03/13 3:29 p.m. | 7 views

Cross site request forgery (csrf)

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross Site Request Forgery (CSRF) vulnerability in Pym.js onNavigateToMessage function. https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573 that can result in Arbitrary javascript code execution. This attack appears to be...

CVSS 6.8 | AI score 9 | EPSS 0.00296
Exploits: 0 | References: 3 | Affected Software: 1
CNVD
added 2018/03/13 12:0 a.m. | 1 views

Cross-Site Scripting Vulnerability in IBM WebSphere Portal

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

CVSS 5.4 | AI score 6.4 | EPSS 0.00316
Exploits: 0 | References: 1
CNVD
added 2018/03/08 12:0 a.m. | 2 views

Polycom QDX 6000 Cross-Site Scripting Vulnerability

The Polycom QDX 6000 is a video conferencing endpoint device from Polycom. A cross-site scripting vulnerability exists in the Web application feature of Polycom QDX 6000 devices. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code in a user's web...

CVSS 6.1 | AI score 6.8 | EPSS 0.00283
Exploits: 0 | References: 1
CNVD
added 2018/03/07 12:0 a.m. | 2 views

Voten.co Arbitrary Code Execution Vulnerability

Voten.co is an open source blogging community system. A security vulnerability exists in the resources/views/layouts/app.blade.php file in versions of Voten.co prior to 2017-08-25. An attacker can exploit the vulnerability to execute arbitrary JavaScript code when a user views the attacker's...

CVSS 6.1 | AI score 7.4 | EPSS 0.0024
Exploits: 1 | References: 1
Veracode
added 2018/03/06 2:33 a.m. | 9 views

Cross-site Scripting (XSS)

mrk.js is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize URL links during markdown parsing, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits: 0
Prion
added 2018/03/05 4:29 p.m. | 13 views

Cross site scripting

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

CVSS 4.3 | AI score 6.4 | EPSS 0.00202
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2018/03/05 4:29 p.m. | 1 views

CVE-2017-7427

Multiple cross site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of vulnerable application, via user.Context in the Object Selector,...

CVSS 6.1 | AI score 5.6
Exploits: 0 | References: 2
CVE
added 2018/03/05 4:0 p.m. | 46 views

CVE-2017-7427

CVE-2017-7427 affects Micro Focus Identity Manager/iManager Plug-in (version 2.7.7.7 and prior to 4.6.1). The vulnerability is a family of multiple cross-site scripting (XSS) flaws that allow an attacker to execute arbitrary JavaScript in the context of the vulnerable application. Exploitation pa...

CVSS 6.1 | AI score 6.1 | EPSS 0.00202
Exploits: 0 | References: 2 | Affected Software: 1
CNVD
added 2018/03/01 12:0 a.m. | 1 views

IBM Daeja ViewONE Virtual Cross-Site Scripting Vulnerability

IBM Daeja ViewONE Virtual is a document viewer from IBM USA that supports viewing of TIFF, PDF and Office-based documents. A cross-site scripting vulnerability exists in IBM Daeja ViewONE Virtual. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

CVSS 5.4 | AI score 6.4 | EPSS 0.00237
Exploits: 0 | References: 1
NVD
added 2018/02/22 7:29 p.m. | 13 views

CVE-2018-1415

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821...

CVSS 5.4 | AI score 5.2 | EPSS 0.00269
Exploits: 0 | References: 3
Prion
added 2018/02/07 5:29 a.m. | 12 views

Design/Logic Flaw

Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...

CVSS 4.3 | AI score 6.3 | EPSS 0.0059
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2018/02/02 3:29 p.m. | 1 views

DEBIAN-CVE-2017-18121

The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable to a Cross-Site Scripting attack, allowing an attacker to craft links that could execute arbitrary JavaScript code on the victim's web browser...

CVSS 6.1 | AI score 8.8 | EPSS 0.00355
Exploits: 0 | References: 1
OpenVAS
added 2018/01/31 12:0 a.m. | 21 views

Joomla 'Chromes' module XSS Vulnerability

Joomla is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

CVSS 6.1 | AI score 7.1 | EPSS 0.00962
Exploits: 0 | References: 1
Hacker One
added 2018/01/29 1:29 p.m. | 32 views

Node.js third-party modules: [glance] Stored XSS via file name allows to run arbitrary JavaScript when directory listing is displayed in browser

Hi Guys, There is a Stored XSS vulnerability in glance module. File name, which contains malicious HTML e.g. embedded iframe element or javascript: pseudoprotocol handler in element allows to execute JavaScript code against any user who opens directory listing containing such crafted file name. Modu...

CVSS 4.3 | AI score 0.1 | EPSS 0.00268
Exploits: 1
OSV
added 2018/01/26 9:29 p.m. | 0 views

CVE-2017-1532

IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 130411...

CVSS 5.4 | AI score 5.4
Exploits: 0 | References: 3
Cvelist
added 2018/01/26 2:0 a.m. | 12 views

CVE-2017-1000386

Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. This could include, for example, arbitrary JavaScript. Acti...

AI score 5.4 | EPSS 0.00042
Exploits: 0 | References: 2
FreeBSD
added 2018/01/20 12:0 a.m. | 37 views

Mailman -- Cross-site scripting (XSS) vulnerability in the web UI

Mark Sapiro reports: An XSS vulnerability in the user options CGI could allow a crafted URL to execute arbitrary javascript in a user's browser. A related issue could expose information on a user's options page without requiring login...

CVSS 6.1 | AI score 6.7 | EPSS 0.01715
Exploits: 3 | References: 1
OSV
added 2018/01/19 8:29 p.m. | 17 views

CVE-2017-12097

An exploitable cross-site scripting (XSS) vulnerability exists in the filter functionality of the delayedjobweb rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an...

CVSS 6.1 | AI score 6
Exploits: 0 | References: 2
NVD
added 2018/01/19 8:29 p.m. | 11 views

CVE-2017-12097

An exploitable cross-site scripting (XSS) vulnerability exists in the filter functionality of the delayedjobweb rails gem version 1.4. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish an...

CVSS 6.1 | AI score 5.9 | EPSS 0.00398
Exploits: 3 | References: 2