4380 matches found
WordPress 3.7.x < 3.7.19 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.7.x < 4.7.3 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.4.x < 4.4.8 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.3.x < 4.3.9 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.0.x < 4.0.16 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.1.x < 4.1.16 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
WordPress 4.2.x < 4.2.13 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A cross-site scripting XSS vulnerability exists in the wpplaylistshortcode function within the /wp-includes/media.php script due to a failure to validate input passed via...
CVE-2018-11074
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply...
CVE-2018-11074
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply...
CVE-2018-11074
CVE-2018-11074 affects RSA Authentication Manager prior to 8.3 P3. The vulnerability is a DOM-based cross-site scripting flaw in the embedded MadCap Flare Help files that can be exploited by a remote unauthenticated attacker to execute HTML/JavaScript in the browser context of the vulnerable web ...
CVE-2018-11074 DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities
RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply...
Once Popular Online Ad Format Opens Top Tier Sites to XSS Attacks
Certain types of online ads that expand, contract and pop-open aren’t just annoying – they can sometimes be dangerous. The ads in question are called expandable ads, which use what is called iFrame Busters code. The ads, together with iFrame Buster code, are designed to break the limits of a...
Mail.ru: XSS in touch.mail.ru
Browser specific user assisted DOM based XSS in message editor undo functionality via quoted content. Vulnerability did not affected mobile browsers used by majority of touch.mail.ru web interface users...
HackerOne: DOM Based XSS in www.hackerone.com via PostMessage
Summary: The Marketo contact form available on the www.hackerone.com website is affected by a cross-site scripting vulnerability, caused by an insecure 'message' event listener installed on the page. Whilst this could allow an attacker to execute JavaScript in the context of the www.hackerone.com...
Cisco Web Security Appliance Reflected and Document Object Model-Based Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model–based DOM-based cross-site scripting XSS attack against a user of the web-based management interface of an...
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
Cross site scripting
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
CVE-2018-0390
Cisco Webex DOM-based XSS (CVE-2018-0390) affects the Webex web framework and arises from insufficient input validation of POST parameters, enabling an unauthenticated, remote attacker to inject scripts that run in a user’s browser for the affected web UI. The issue is documented across multiple ...
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...
CVE-2018-0390
A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based DOM-based cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input...