359 matches found
CVE-2018-2435
SAP NetWeaver Enterprise Portal from 7.0 to 7.02, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...
CVE-2018-2431
SAP BusinessObjects Business Intelligence Suite, versions 4.10 and 4.20, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...
oauth2orize-fprm cross-site scripting vulnerability
oauth2orize-fprm is a Post Response mode support component for OAuth2orize. A cross-site scripting vulnerability exists in the index.js file in versions of oauth2orize-fprm prior to 0.2.1, which stems from the program failing to properly encode input values. A remote attacker can exploit this...
Unspecified Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP; it provides a development and runtime environment for SAP applications. Application Server Java Web Container is one of its Java application runtime environments; HTTP Service is an...
CVE-2018-2410
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability...
SAP Process Monitoring Infrastructure Cross-Site Scripting Vulnerability
SAP Process Monitoring Infrastructure (PMI) is a process monitoring infrastructure from SAP. The product provides IT environment monitoring, system monitoring, process monitoring and other functions. A cross-site scripting vulnerability exists in SAP PMI, which stems from the program failing to...
SAP NetWeaver RunTime Cross-Site Scripting Vulnerability
SAP NetWeaver RunTime is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver RunTime, which arises from the program's...
CVE-2018-2397
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting...
CVE-2018-2365
SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability...
[SECURITY] Fedora 27 Update: php-phpmyadmin-motranslator-4.0-1.fc27
Translation API for PHP using Gettext MO files. Features: all strings are stored in memory for fast lookup; fast loading of MO files; low-level API for reading MO files; emulation of Gettext API; no use of eval for plural equation. Limitations: not suitable for huge MO files which you don't want to stor...
CVE-2018-2371
The SAML 2.0 service provider of SAP Netweaver AS Java Web Application, 7.50, does not sufficiently encode user controlled inputs, which results in Cross-Site Scripting (XSS) vulnerability...
UBUNTU-CVE-2017-18123
The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e does not properly encode user input, which leads to a reflected file download vulnerability, and allows remote attackers to run arbitrary programs...
CVE-2017-16681
Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, 4.30, as user controlled inputs are not sufficiently encoded...
TYPO3 Backend Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the TYPO3 backend. Because the program fails to properly encode user input, an attacker would need to use a valid backend user...
CVE-2017-8920
irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS...
MyBB cache handler vulnerability
MyBB is a web-based application. The cache handler in MyBB fails to properly check the encoding of input to the var_export function, allowing remote attackers to exploit the vulnerability for malicious attacks...
CVE-2015-2352
The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown vectors...
CVE-2015-2352
CVE-2015-2352 affects MyBB (MyBulletinBoard) up to version 1.8.3; the cache handler fails to properly validate input encoding before passing data to var_export, enabling an unspecified impact via unknown vectors. The issue is resolved in MyBB 1.8.4 per vendor advisories. Practical impact and expl...
Microsoft VS Team Foundation Server SignalR XSS Vulnerability (2905244)
This host is missing an important security update according to Microsoft Bulletin MS13-103. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...