ProjectSend cross-site scripting vulnerability (CNVD-2019-36883)

ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A cross-site scripting vulnerability exists in the 'Name' field of the My Account page in versions prior to ProjectSend r1053. The vulnerability stems from the WEB application's lack of proper...

Shave Cross-Site Scripting Vulnerability

Shave is a Javascript plugin that can truncate multiple lines of text according to the set number of pixels max-height. A cross-site scripting vulnerability exists in versions prior to Shave 2.5.3, which can be exploited by attackers to execute client-side code...

Quest Software KACE Systems Management Appliance Cross-Site Scripting Vulnerability

Quest Software KACE Systems Management Appliance is a systems management appliance from Quest Software, USA. It supports IT asset management, server management and monitoring, software license management and patch management. A cross-site scripting vulnerability exists in Quest Software KACE...

Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-15667)

ZOHO ManageEngine ServiceDesk Plus is a set of ITIL-based IT service management software ITSM from ZOHO. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and other functional modules. A cross-site scripti...

Applaud HCM Cross-Site Scripting Vulnerability

Applaud HCM is a human resource management application. A cross-site scripting vulnerability exists in Applaud HCM version 4.0.42+ that can be exploited by an attacker to execute client-side code...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-25043)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

Seagate NAS OS Cross-Site Scripting Vulnerability

Seagate NAS OS is a NAS Network Attached Storage operating system from Seagate USA. A cross-site scripting vulnerability exists in the API error page in Seagate NAS OS version 4.3.15.1. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker cou...

WordPress Kieran O'Shea Calendar Plugin Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Kieran O'Shea Calendar plugin prior to version 1.3.11. The...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2019-12706)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.6.3, which originates from ...

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2019-13241)

IBM Jazz Reporting Service JRS is a suite of applications for discovering cross-project reports from IBM in the United States. A cross-site scripting vulnerability exists in IBM JRS Report Builder that stems from the WEB application failing to validate client-side data, which can be exploited by ...

Symantec VIP Enterprise Gateway Cross-Site Scripting Vulnerability

Symantec VIP Enterprise Gateway is an enterprise security gateway product from Symantec USA. A cross-site scripting vulnerability exists in Symantec VIP Enterprise Gateway that stems from a lack of proper validation of client-side data by the WEB application. An attacker could exploit the...

WordPress Tribulant Slideshow Gallery plugin cross-site scripting vulnerability (CNVD-2019-30133)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers.Tribulant Slideshow Gallery plugin is an image autoplay plugin used in it. A cross-site scripting vulnerability exists in...

waimai Super Cms Cross-Site Scripting Vulnerability (CNVD-2019-13569)

Waimai Super Cms is a takeaway ordering system. A cross-site scripting vulnerability exists in Waimai Super Cms version 20150505. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side...

WordPress WP All Import plugin cross-site scripting vulnerability (CNVD-2019-30135)

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WP All Import plugin is used in one of the file import plugin. A cross-site scripting vulnerability exists in WordPress WP All Import...

Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2019-13853)

Apache Airflow is the United States Apache Apache Software Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A cross-site scripting vulnerability exists in the airflow webserver servi...

Cantemo Portal Cross-Site Scripting Vulnerability

Cantemo Portal is a media asset management portal system from the Cantemo team in Sweden. The system is primarily used to manage media files such as video, audio and still images. A cross-site scripting vulnerability exists in Cantemo Portal versions prior to 3.2.13, 3.3.x prior to 3.3.8, and 3.4...

WordPress wpape APE GALLERY plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. wpape APE GALLERY plugin is an image management plugin used in it. A cross-site scripting vulnerability exists in the...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-10429)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

Roundup cross-site scripting vulnerability (CNVD-2019-09481)

Roundup is a command line, web and email issue tracking system. The system provides bug tracking, customer help desk and issue management. A cross-site scripting vulnerability exists in Roundup version 1.6, which stems from the failure of a WEB application to properly validate client-side data an...

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2019-09071)

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...