5059 matches found

CNVD
added 2018/10/09 12:0 a.m. | 2 views

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20549)

IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00158
Exploits: 0 | References: 1

CNVD
added 2018/10/09 12:0 a.m. | 1 view

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20548)

IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00158
Exploits: 0 | References: 1

CNVD
added 2018/10/09 12:0 a.m. | 1 view

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20547)

IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

CVSS: 5.4 | AI score: 5.7 | EPSS: 0.00158
Exploits: 0 | References: 1

CNVD
added 2018/10/08 12:0 a.m. | 1 view

IBM Rational Collaborative Lifecycle Management Cross-Site Scripting Vulnerability (CNVD-2018-20674)

IBM Rational Collaborative Lifecycle Management is a suite of collaborative design model management software from IBM in the United States. The software supports the use of centralized system repositories for storing, sharing, searching and managing design models, as well as automated software...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00158
Exploits: 0 | References: 1

Veracode
added 2018/10/05 9:6 a.m. | 13 views

Cross-site Scripting (XSS)

coastercms is vulnerable to cross-site scripting (XSS) attacks. A malicious user can pass a POST request to the application to inject and execute arbitrary JavaScript...

CVSS: 6.1 | AI score: 6 | EPSS: 0.00211
Exploits: 2 | References: 3 | Affected Software: 1

Veracode
added 2018/10/03 4:5 a.m. | 15 views

Cross-Site Scripting (XSS)

intelliants/subrion is vulnerable to cross-site scripting. An attacker is able to inject arbitrary JavaScript into a victim's browser via the titlesen parameter in core/admin/pages/add/ to steal session cookies or perform unwanted actions on behalf of the user...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0024
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2018/09/28 12:29 a.m. | 13 views

CVE-2018-14037

Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00126
Exploits: 2 | References: 3

Prion
added 2018/09/28 12:29 a.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the editor, the payload...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00126
Exploits: 2 | References: 3 | Affected Software: 1

CNVD
added 2018/09/28 12:0 a.m. | 2 views

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-20233)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00226
Exploits: 0 | References: 1

Veracode
added 2018/09/24 5:46 a.m. | 27 views

Cross-Site Scripting (XSS)

dojo is vulnerable to cross-site scripting. User input is not sanitized in the server response before being displayed on a user's browser. An attacker is able to inject arbitrary JavaScript into a victim's browser through a crafted URL via the status parameter...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00151
Exploits: 0 | References: 3 | Affected Software: 1

Veracode
added 2018/09/19 9:52 a.m. | 10 views

Cross-site Scripting (XSS)

atmosphere-runtime is vulnerable to a cross-site scripting (XSS) attack. The library does not properly escape the JSONP callback parameter when passed to the server, allowing a malicious user to inject and execute arbitrary JavaScript through it...

AI score: 6.1
Exploits: 0

CNVD
added 2018/09/19 12:0 a.m. | 2 views

TradingView Cross-Site Scripting Vulnerability

TradingView Charting Library is a free, open source K-line chart analysis tool with a comprehensive API. It supports ordinary JSON data (UDF) as well as WebSocket (JSAPI), and most digital currency exchanges use this component library as a K-line analysis tool. TradingView has a...

AI score: 6.5
Exploits: 0 | References: 1

Veracode
added 2018/09/05 2:33 a.m. | 8 views

Cross-Site Scripting (XSS)

rack-mini-profiler is vulnerable to cross-site scripting. The user info displayed in Error 404 pages is not HTML-encoded, which could potentially allow an attacker to inject arbitrary JavaScript code into a victim's browser...

AI score: 6.4
Exploits: 0

Veracode
added 2018/09/04 2:59 a.m. | 15 views

Cross-site Scripting (XSS)

mayan-edms is vulnerable to cross-site scripting (XSS) attacks. The library does not properly escape tag labels, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS: 6.1 | AI score: 6 | EPSS: 0.0029
Exploits: 1 | References: 3 | Affected Software: 1

Veracode
added 2018/09/03 7:23 a.m. | 17 views

Cross-site Scripting (XSS)

exceljs is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the cells in the table, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.00174
Exploits: 1 | References: 2 | Affected Software: 1

Hacker One
added 2018/08/30 2:29 a.m. | 31 views

X (Formerly Twitter): HTTPS is not validating TLS mac codes

https://twitterflightschool.com is prone to POODLE and also a stronger variant of POODLE which allows a MITM attacker to actively decrypt bytes from an HTTPS request. This attack is possible because the device terminating this TLS connection responds differently to a bad record mac when the last...

AI score: 5.8
Exploits: 0

CNVD
added 2018/08/28 12:0 a.m. | 2 views

QNAP Photo Station Cross-Site Scripting Vulnerability

QNAP Photo Station is a web-based photo album application from QNAP Systems that supports organizing and sharing photos and movies on a NAS over the Internet. A cross-site scripting vulnerability exists in QNAP Photo Station 5.7.0 and prior versions. A remote attacker can exploit the vulnerabilit...

CVSS: 6.1 | AI score: 6 | EPSS: 0.06683
Exploits: 5 | References: 1

OSV
added 2018/08/27 1:29 p.m. | 1 view

CVE-2018-0715

Cross-site scripting vulnerability in QNAP Photo Station versions 5.7.0 and earlier could allow remote attackers to inject JavaScript code in the compromised application...

CVSS: 6.1 | AI score: 5.9 | EPSS: 0.06683
Exploits: 5 | References: 2

Hacker One
added 2018/08/27 6:36 a.m. | 27 views

PortSwigger Web Security: Browser Self XSS Protection not implemented

Hi, Self XSS Protection not used. An attacker can trick users to insert JavaScript in browser console. A Self-XSS scam usually works by promising to help you access somebody else's account. Instead, the scammer tricks you into gaining access to your account for fraud, spam and tricking more people...

AI score: 1
Exploits: 0

Veracode
added 2018/08/27 6:30 a.m. | 30 views

Cross-Site Scripting (XSS)

Mort Bay jetty is vulnerable to cross-site scripting (XSS). The server response from a directory listing request is not sanitized and allows an attacker to inject arbitrary JavaScript into a victim's browser via a semicolon (;) character...

CVSS: 4.3 | AI score: 8.5 | EPSS: 0.0044
Exploits: 0 | References: 8 | Affected Software: 2