CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

Cross site scripting

IBM Quality Manager RQM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120662...

CVE-2017-1104

IBM Quality Manager RQM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120666...

FIN7 Hitting Restaurants with Fileless Malware

FIN7, closely associated with the notorious Carbanak group, is behind a targeted phishing campaign singling out restaurants with fileless malware that is difficult to detect. The recent campaign incorporates, “never before seen evasive techniques that allow malware to bypass most security...

CVE-2017-1276

IBM DOORS Next Generation DNG/RRC 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force I...

CVE-2017-1305

IBM DOORS Next Generation DNG/RRC 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID...

Google Chrome < 59.0.3071.86 Multiple Vulnerabilities

Binary data 700131.pasl...

CVE-2017-9298

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code...

CVE-2017-9298

Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code...

CVE-2017-9298

CVE-2017-9298 is a cross-site scripting vulnerability in Hitachi Device Manager prior to 8.5.2-01 and Hitachi Replication Manager prior to 8.5.2-00. It enables authenticated remote users to execute arbitrary JavaScript in the affected web interfaces. Supported references list the affected product...

Design/Logic Flaw

An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page aka mqtt.html of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That particular page allows a user to remotely configu...

Cross site scripting

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732...

CVE-2017-1320

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732...

INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields

Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its page 4. Go to "Comments" tab 4. Click the add new comment...

Cross site scripting

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114516...

Live Helper Chat 2.58v Cross Site Scripting

COMPASS SECURITY ADVISORY https://www.compass-security.com/en/research/advisories/ CSNC ID: CSNC-2017-004 Product: Live Helper Chat 1 Vendor: Live Helper Chat Subject: Cross-Site Scripting - XSS Risk: High Effect: Remotely exploitable Author: Sylvain Heiniger [email protected]...

Cross-site Scripting (XSS)

manila-ui is vulnerable to reflected cross-site scripting XSS. The Create Share form takes user-supplied metadata and passes it to a call to marksafe. This allows remotely authenticated, but unprivileged users to insert JavaScript code...

CVE-2016-9980

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

CVE-2016-3038

IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 114614...

Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting Exploit

Exploit for multiple platform in category web applications child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not...