
4979 matches found

CNVD
added 2018/04/08 12:0 a.m. | 1 views

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-08589)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability exists in...

6.1 CVSS | 6.3 AI score | 0.00248 EPSS
Exploits 0 | References 1
Cvelist
added 2018/04/05 2:0 p.m. | 12 views

CVE-2018-7035

Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

5.4 AI score | 0.00229 EPSS
Exploits 1 | References 1
CVE
added 2018/04/05 2:0 p.m. | 60 views

CVE-2018-7035

CVE-2018-7035 describes a Stored XSS in Gleez CMS (versions 1.2.0 and 2.0) where an attacker can inject JavaScript via HTML content in an editor. The issue is demonstrated when using the source editor in HTML mode during Add Blog, leading to Stored XSS when an Administrator edits the content. The...

5.4 CVSS | 5.3 AI score | 0.00229 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2018/03/26 6:29 p.m. | 2 views

CVE-2018-1188

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially injec...

4.8 CVSS | 5.8 AI score | 0.02397 EPSS
Exploits 5 | References 4
CNVD
added 2018/03/22 12:0 a.m. | 0 views

Wicket jQuery UI WYSIWYG Editor Vulnerability

Wicket jQuery UI is an API that provides all the jQuery UI integration. The WYSIWYG editor is one of its editors. A security vulnerability exists in the WYSIWYG editor in Wicket jQuery UI versions 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier. An attacker can exploit the...

6.1 CVSS | 7.2 AI score | 0.0024 EPSS
Exploits 0 | References 1
CNVD
added 2018/03/20 12:0 a.m. | 2 views

Kontena server/app/views/static/code.html page cross-site scripting vulnerability

Kontena is a suite of open source microservices platforms capable of running applications as containers. The 'kontena master login --remote' code on the server/app/views/static/code.html page in Kontena versions prior to 1.5.0 is affected by a cross-site scripting vulnerability. A remote attacker coul...

6.1 CVSS | 6.3 AI score | 0.00264 EPSS
Exploits 0 | References 1
RubySec
added 2018/03/19 12:0 a.m. | 24 views

HTML injection/XSS in Sanitize

When Sanitize gem is used in combination with libxml2 = 2.9.2, a specially crafted HTML fragment can cause libxml2 to generate improperly escaped output, allowing non-whitelisted attributes to be used on whitelisted elements. This can allow HTML and JavaScript injection, which could result in XSS...

7.5 CVSS | 1.9 AI score | 0.00263 EPSS
Exploits 0 | References 1 | Affected Software 1
Prion
added 2018/03/17 1:29 p.m. | 11 views

Cross site scripting

Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's...

3.5 CVSS | 5.3 AI score | 0.00206 EPSS
Exploits 1 | References 1 | Affected Software 1
OSV
added 2018/03/17 1:29 p.m. | 0 views

CVE-2018-8737

Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers "Book Me" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 1
Hacker One
added 2018/03/16 1:26 p.m. | 52 views

Greenhouse.io: DoS through cache poisoning using invalid HTTP parameters

I was taking a look into a related report https://hackerone.com/reports/298265 and I discovered that the https://boards.greenhouse.io/embed/jobboard/js?for= endpoint doesn't throw errors when I try to pass in an array of for parameters like this:...

0.4 AI score
Exploits 0
NVD
added 2018/03/15 5:29 p.m. | 17 views

CVE-2018-8729

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

6.1 CVSS | 6.1 AI score | 0.03257 EPSS
Exploits 7 | References 5
Vulnrichment
added 2018/03/15 5:0 p.m. | 15 views

CVE-2018-8729

Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log plugin before 2.4.1 for WordPress allow remote attackers to inject arbitrary JavaScript or HTML via a title that is not escaped...

5.9 AI score | 0.03257 EPSS
Exploits 7 | References 5
Veracode
added 2018/03/15 6:45 a.m. | 28 views

Cross-site Scripting (XSS)

jolokia-core is vulnerable to cross-site scripting (XSS) attacks. The library does not properly validate the callback request parameter, allowing a malicious user to inject and execute arbitrary JavaScript...

6.1 CVSS | 6.3 AI score | 0.76775 EPSS
Exploits 1 | References 5 | Affected Software 1
CNVD
added 2018/03/14 12:0 a.m. | 1 views

Tiki Cross-Site Scripting Vulnerability

Tiki is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A cross-site scripting vulnerability exists in Tiki. A remote attacker can exploit this...

5.4 CVSS | 6.2 AI score | 0.00206 EPSS
Exploits 0 | References 1
CNVD
added 2018/03/07 12:0 a.m. | 1 views

Magento cross-site scripting vulnerability (CNVD-2018-04516)

Magento is an open source PHP e-commerce system from Magento, which provides permission management, search engine and payment gateway. A cross-site scripting vulnerability exists in Magento: by enticing users to access malicious files, attackers can exploit the vulnerability to inject malicious JavaScript scri...

6.3 AI score
Exploits 0 | References 1
CNVD
added 2018/03/04 12:0 a.m. | 0 views

Cross-Site Scripting Vulnerability in EasySNS V1.6 Frontend

EasySNS is a minimalist community application developed on the ESPHP development framework, with a new database architecture and program structure. ESPHP is a self-developed PHP source code framework. The program implementation of EasySNS V1.6 contains cross-site scripting vulnerabilities; attackers ca...

6.4 AI score
Exploits 0
Veracode
added 2018/03/01 3:10 a.m. | 211 views

Cross-site Scripting (XSS)

anywhere is vulnerable to cross-site scripting (XSS) attacks. The library uses a version of the serve-index package that is vulnerable to CVE-2015-8856, allowing a malicious user to inject and execute arbitrary JavaScript...

6.1 CVSS | 5.3 AI score | 0.00413 EPSS
Exploits 1 | References 5 | Affected Software 3
Packet Storm
added 2018/03/01 12:0 a.m. | 80 views

HPE System Management 7.6.0.11 Cross Site Scripting

Product: HPE System Management Homepage Versions: 7.6.0.11 and minor versions Vulnerability: JavaScript Injection in file gsearch.php, parameter prod OWASP TOP 10: A1 Injection Type: Javascript Injection Impact: Allows an attacker to perform an XSS Cross-Site Scripting attack, execute arbitrary...

3.5 CVSS | 5.8 AI score | 0.59937 EPSS
Exploits 2
CNVD
added 2018/02/28 12:0 a.m. | 1 views

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-06508)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability exists in...

6.1 CVSS | 6.4 AI score | 0.00248 EPSS
Exploits 0 | References 1
CNVD
added 2018/02/27 12:0 a.m. | 1 views

MyBB Cross-Site Scripting Vulnerability (CNVD-2018-05067)

MyBB (aka MyBulletinBoard) is a free, web-based forum software developed by the MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB version 1.8.14. A remote attacker can use the...

5.4 CVSS | 6.6 AI score | 0.00281 EPSS
Exploits 0 | References 1