IBM Connections Cross-Site Scripting Vulnerability (CNVD-2018-03881)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

IBM Rhapsody Design Manager Cross-Site Scripting Vulnerability

IBM Rhapsody Design Manager DM is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models, as well as software to automate design reviews. A cross-site...

IBM Maximo Anywhere Cross-Site Scripting Vulnerability

IBM Maximo Anywhere is a suite of next-generation mobile solutions from IBM USA built on the IBM Worklight platform. The solution supports remote access to IBM Maximo Asset Management a comprehensive asset lifecycle and maintenance management solution workflow and asset management via mobile...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2018-05823)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...

CVE-2018-1415

IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138821...

CVE-2017-18092

CVE-2017-18092 affects Atlassian Crucible; the print snippet resource is vulnerable to cross-site scripting (XSS) via the contents of a comment on the snippet, in versions before 4.4.3 (the fixed 4.4.x line) and before 4.5.0. The underlying issue is rendering user-supplied comment content, allowi...

Cross-site Scripting (XSS)

superset is vulnerable to cross-site scripting XSS attacks. A malicious user is able to inject and execute arbitrary Javascript when generating links in markdown or in the chart description...

IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2018-03884)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.6.4, 5.0.7...

Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2018-03444)

Atlassian Confluence Server is a suite of professional enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build an enterprise WiKi. the software enables collaboration and knowledge sharing amongst team members. A cross-site scripting...

CVE-2017-18039

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the messagesThreshold parameter...

CVE-2017-18085

CVE-2017-18085 affects Atlassian Confluence Server prior to version 6.6.1, with a reflected XSS in the viewdefaultdecorator resource via the key parameter. Proof-of-impact details: arbitrary HTML/JavaScript can be injected. Affected products and versions are supported by multiple connected source...

Cross-site Scripting (XSS)

Simditor is vulnerable to cross-site scripting XSS attacks. The application does not properly sanitize the TEXTAREA element, allowing a malicious user to inject and execute arbitrary Javascript...

IBM Rational DOORS Web Access Cross-Site Scripting Vulnerability

IBM Rational DOORS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

Reflected Cross-site Scripting (XSS)

redis-commander is vulnerable to reflected cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary Javascript through the highlighterId parameter in the web/static/jstree/docs/syntax/clipboard.swf file...

Oracle Financial Services Analytical Application XXE / XSS Vulnerabilities

Exploit for multiple platform in category web applications The Oracle Financial Services Analytical Application is affected by an XML External Entity XXE vulnerability which may lead to disclosing sensitive information. It is also affected by a reflected cross site scripting XSS issue. Vendor...

Cross site scripting

A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content...

CVE-2017-15092

A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content...

Moodle cross-site scripting vulnerability (CNVD-2018-02376)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in version 3.x of Moodle. A remote attacke...

Arbitrary Code Execution

mathjs is vulnerable to arbitrary code exection through javascript injection. The vulnerability exists as arbitrary method in Object.prototype can be called through validateSafeMethod...

Skybox Platform Cross-Site Scripting Vulnerability

Skybox PlatformAn enterprise-grade network security management platform from US-based Skybox Security. The platform features attack vector analysis, firewall management, vulnerability and threat management, and more. A cross-site scripting vulnerability exists in the title, Comments, or Descripti...