Cross site scripting
An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...
CVE-2017-12062
An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...
CVE-2017-12061
CVE-2017-12061 affects MantisBT installations via admin/install.php, with XSS caused by unsanitized user-controlled variables in the installer (notably $f_database, $f_db_username, $f_admin_username). Vulnerable versions are MantisBT < 1.3.12 and
CVE-2017-1332
IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126234...
Cross site scripting
IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...
CVE-2016-8975
IBM Rhapsody DM 5.0–6.0 is affected by a cross‑site scripting vulnerability in the Web UI that can lead to credentials disclosure within a trusted session. The issue arises from improper input handling in the Web UI, enabling arbitrary JavaScript execution. Remediation per the IBM bulletins is to...
Dark Web Users Suspect "Dream Market" Has Also Been Backdoored by Feds
By now you might be aware of the takedown of two of the largest online dark websites—AlphaBay and Hansa—in what's being called the largest-ever international operation against the dark web's black market conducted by the FBI, DEA (Drug Enforcement Agency) and Dutch National Police. But the...
Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.
Cisco Prime Collaboration Provisioning Tool Web Portal Cross-Site Scripting Vulnerability
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validatio...
Cross-site Scripting (XSS)
candy is vulnerable to cross-site scripting (XSS) attacks. Text sent by users is not sanitized in any way, allowing attackers to execute JavaScript code...
CVE-2017-1000059
Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling, resulting in the execution of any user-provided JavaScript code in the session of other users...
CVE-2016-8946
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...
CVE-2016-8948
IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...
Cross site scripting
IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...
CVE-2017-1217
IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123857...
Khan Academy: XSS through document projects
Hello, I'm Ethan Luis McDonough (@elmt2 on Khan Academy), and I found a way to inject scripts into document projects. Since KA document projects output HTML, I can edit the PUT request that updates projects (https://www.khanacademy.org/api/internal/scratchpads/ID) and inject JavaScript code inside an...
PHPMailer Cross Site Scripting
Title : PHPMailer alert'XSS' == Contact Me : Telegram : @ShahabShamsi Email : [email protected] WebSilte : WwW.iran123.Org...
Cross site scripting
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser...
WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock
WebKit JSC - JIT Optimization Check Failed in IntegerCheckCombiningPhase::handleBlock range.mmaxBound range.mmaxBound = data.maddend; range.mmaxOrigin = node-origin.semantic; else if data.maddend origin.semantic; ... The problem is that the check |data.maddend range.mmaxBound| is a signed...
Cross site scripting
Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...