IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37832)

IBM Rational DOORS Next Generation DNG and Rational Requirements Composer RRC are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37834)

IBM Rational DOORS Next Generation DNG and Rational Requirements Composer RRC are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...

UBUNTU-CVE-2017-7840

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...

CVE-2017-7840

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...

Home Assistant Cross-Site Scripting Vulnerability

Home Assistant is an open source platform for automated management of home network devices. A cross-site scripting vulnerability exists in versions of Home Assistant prior to 0.57. A remote attacker can exploit this vulnerability to inject JavaScript code via specially crafted Markdown text...

CVE-2017-16782

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

CVE-2017-16782

CVE-2017-16782 affects Home Assistant prior to 0.57. It is a cross-site scripting (XSS) vulnerability in the persistent notification rendering, where crafted Markdown text can inject JavaScript. The root cause is improper sanitization in Markdown rendering for notifications, enabling arbitrary sc...

CVE-2017-16782

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

Cross-site Scripting (XSS)

swagger-ui is vulnerable to cross-site scripting XSS attacks. The library does not sanitize href links, allowing a malicious user to inject and execute arbitrary Javascript through these links...

IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2017-34427)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2017-34429)

IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...

CVE-2017-1000144

Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages...

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability

IBM Rational DOORS Next Generation RDNG is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers...

IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2017-32842)

IBM Rational Team Concert RTC is the U.S. IBM's set of Jazz-based platform and support decentralized teams for real-time collaboration related to software lifecycle management solutions. A cross-site scripting vulnerability exists in IBM RTC versions 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0...

cpmstar.com XSS vulnerability

Open Bug Bounty ID: OBB-367745 Description| Value ---|--- Affected Website:| cpmstar.com Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...

IBM Daeja ViewONE Cross-Site Scripting Vulnerability (CNVD-2017-34484)

IBM Daeja ViewONE is a document viewer from IBM that supports TIFF, PDF and Office-based documents.IBM Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are its different Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are different versions...

Rate Me Cross-Site Scripting Vulnerability

Rate Me is a rating script written in PHP. A cross-site scripting vulnerability exists in the rate-me.php file in Rate Me version 1.0. A remote attacker can exploit this vulnerability to inject JavaScript code...

Juniper Junos Space HTML Injection Vulnerability

Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. An HTML injection vulnerability exists in Juniper Junos Space versions prior to 17.1R1. A...

CVE-2017-15538

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php...

Atlassian FishEye and Crucible Cross-Site Scripting Vulnerabilities

Atlassian FishEye and Crucible are both products of the Australian company Atlassian, FishEye is a suite of software for deep viewing of source code repositories and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the administration user deletion resource ...