235 matches found
Magento cross-site scripting vulnerability (CNVD-2019-26217)
Magento is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engine and payment gateway and other functions. A cross-site scripting vulnerability exists in Magento Open Source, Magento Commerce and Magento. The vulnerability...
Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2019-18595)
Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...
Apache Allura Cross-Site Scripting Vulnerability
Apache Allura is the United States Apache Apache Software Foundation's set of open source project hosting platform. The platform supports the management of source code repositories, bug reports, wiki pages and blogs. A cross-site scripting vulnerability exists in the user drop-down selector in...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2019-19316)
IBM Connections is a suite of social software platforms from IBM USA. The platform provides advanced analytics and real-time data monitoring capabilities and can accelerate web collaboration within and outside the organization through IBMSmartCloud services. A cross-site scripting vulnerability...
CVE-2019-3413
All versions up to V20.18.40.R7.B1of ZTE NetNumen DAP product have an XSS vulnerability. Due to the lack of correct validation of client data in WEB applications, which results in users being hijacked...
Ruby Chartkick gem cross-site scripting vulnerability
Ruby Chartkick gem is a Ruby-based package for creating Javascript charts. A cross-site scripting vulnerability exists in Ruby Chartkick gem version 3.1.0 and earlier. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this...
Carel pCOWeb Cross-Site Scripting Vulnerability
Carel pCOWeb is a programmable control card. A cross-site scripting vulnerability exists in Carel pCOWeb versions prior to B1.2.4. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit the vulnerability to execute client-side...
IBM Cognos Analytics Cross-Site Scripting Vulnerability (CNVD-2019-25041)
IBM Cognos Analytics is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards, and scorecards, and can assist companies in adjusting their decisions by analyzing such things as key factors and key people. A cross-site scripting...
Open-Xchange OX App Suite Cross-Site Scripting Vulnerability (CNVD-2019-16167)
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite 7.8.4 and earlier versions. The vulnerabili...
Open-Xchange GmbH OX App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite. The vulnerability stems from a lack of...
Microsoft Team Foundation Server and Microsoft Azure DevOps Server Cross-Site Scripting Vulnerability
Microsoft Team Foundation Server and Microsoft Azure DevOps Server are both products of Microsoft Corporation, U.S.A. Microsoft Team Foundation Server is a suite of Application Lifecycle Management ALM tools Microsoft Team Foundation Server is an application lifecycle management ALM suite of tool...
buttle npm package cross-site scripting vulnerability
buttle npm package is a static file server. A cross-site scripting vulnerability exists in version 0.2.0 of the buttle npm package, which stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...
OverIT Geocall Cross-Site Scripting Vulnerability
OverIT Geocall is a field service management solution from OverIT Italy. A cross-site scripting vulnerability exists in version 6.3 prior to OverIT Geocall build 2:346977, which stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit the...
Palo Alto Networks Expedition Migration Tool Cross-Site Scripting Vulnerability (CNVD-2019-14250)
Palo Alto Networks Expedition Migration Tool is a security policy configuration migration tool from Palo Alto Networks, USA. A cross-site scripting vulnerability exists in Palo Alto Networks Expedition Migration Tool version 1.1.8 and prior versions, which stems from a lack of proper validation o...
M-Server Cross-Site Scripting Vulnerability
M-Server is a small http static server . M-Server suffers from a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side code...