5777 matches found
DEBIAN-CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...
CVE-2017-12979
DokuWiki (until 2017-02-19c) is affected by CVE-2017-12979 due to stored XSS in /inc/parser/xhtml.php when rendering a malicious language name inside a code element. Exploitation requires an attacker to create or edit a wiki page to trigger JavaScript execution. The issue is a server-side renderi...
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
IBM InfoSphere Streams Cross-Site Scripting Vulnerability
IBM InfoSphere Streams is a suite of data analytics platforms from IBM in the United States. The platform enables user-developed applications to quickly access, analyze and correlate information from multiple real-time sources. A cross-site scripting vulnerability exists in IBM InfoSphere Streams...
Wordpress Vospari Forms plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . wordpress Vospari Forms is one of the registration form plugin . form submission is one of the form submission...
CVE-2017-11727
services/systemio/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution involving a ContactCommon field on victims who click on a crafted link, aka XSS...
Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2017-18573)
RoundCube Webmail is a browser-based IMAP client mail client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail version 1.1.5. A remote attacker can exploit this vulnerability to execute JavaScript...
CVE-2017-1000038
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site...
CVE-2017-1000033
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
CVE-2017-1000033
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
Cross site scripting
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
CVE-2017-1000033
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
Microsoft SharePoint Server CVE-2017-8569 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attackers may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microso...
Mail.ru: XSS bypass Script execute,Read any file,execute any javascript code--UXSS
Mail attachment XSS bypass vulnerability--UXSS Vulnerability impact: Mail.Ru Mail for iOS MyMail for iOS explain: Mail app supports HTML attachments, however,Cannot execute javascript. for example alert/xss/ These statements can not be executed in the html attachments...LOL However, the addition ...