Cross-site Scripting (XSS)

github.com/gogits/gogs is vulnerable cross-site scripting XSS attacks. The library does not sanitize its user input, allowing a malicious user to inject and execute arbitrary JavaScript...

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-70674 / CVE-2017-7409 Successful exploitation of this issue may allow an attacker to inject arbitrar...

CVE-2016-3031

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...

CVE-2016-8935

IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

Mail.ru: Stored XSS in e.mail.ru (payload affect multiple users)

Hi, We have found a high risk level STORED XSS in e.mail.ru chat, the status change function allow to inject malicious payload in javascript & HTML, The attack affect multiple users and run in auto mode, no need a user interaction. Vulnerability affect any user that have been invited to your chat...

Shimmie Cross-Site Scripting Vulnerability

Shimmie is a danbooru style image board that is easy to install, run and extend. Shimmie suffers from a cross-site scripting vulnerability that arises due to a failure to effectively filter user-submitted data, allowing an attacker to plant arbitrary JavaScript code on the target website to obtai...

Unspecified Cross-Site Scripting Vulnerability in SAP BusinessObjects Web Intelligence

SAP BusinessObjects Germany SAP SAP company developed a provide a variety of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. An unspecified cross-site scripting vulnerability exists in SAP...

IBM WebSphere Portal Cross-Site Scripting Vulnerability

IBM WebSphere Portal is a set of enterprise portal software developed by IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting...

Stored Cross-Site Scripting Vulnerability in DuoDuoRebate.com System Tag Parameters

DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuo rebate website system V8.3UTF8 official version February 10, 2017 there are stored cross-site scripting vulnerabilities. Due to the tag parameter failed to filter ...

CVE-2017-6799

A cross-site scripting XSS vulnerability in viewfilterspage.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'viewtype' parameter...

CVE-2017-6799

A cross-site scripting XSS vulnerability in viewfilterspage.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'viewtype' parameter...

CVE-2017-6797

A cross-site scripting XSS vulnerability in bugchangestatuspage.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'actiontype' parameter...

CVE-2017-6547

Cross-site scripting XSS vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmwa...

CVE-2017-6547

Cross-site scripting XSS vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmwa...

Cross site scripting

Cross-site scripting XSS vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmwa...

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2017-02723)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

CVE-2016-6055

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Referen...

IBM Security Access Manager Arbitrary Code Injection Vulnerability

IBM Security Access Manager is a security access manager from IBM USA. A security vulnerability exists in IBM Security Access Manager. An attacker can exploit the vulnerability to inject arbitrary JavaScript script code, causing credential disclosure in a trusted session...

CVE-2016-6061

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-6125

IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...