Critical: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

Mozilla: Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

Cross site scripting

The invalidRedirectUrl template in Atlassian Application Links before version 5.2.7, from version 5.3.0 before version 5.3.4 and from version 5.4.0 before version 5.4.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the redirectUrl...

Mozilla Firefox JavaScript Injection Vulnerability

Mozilla Firefox browser Firefox is a free, open source browser for Windows, Linux and MacOSX platforms. A malicious JavaScript injection vulnerability exists in Mozilla Firefox. The vulnerability arises because the PDF viewer fails to adequately validate the PostScript calculator functionality. T...

UBUNTU-CVE-2018-5158

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-5183: Backport critical security fixes in Skia CVE-2018-5154: Use-after-free with SVG animations and clip paths CVE-2018-5155: Use-after-free with SVG animations and text paths CVE-2018-5157: Same-origin bypass of PDF Viewer to view protected PDF files...

IBM BigFix Platform Cross-Site Scripting Vulnerability (CNVD-2018-08995)

IBM BigFix Platform is a dynamic integrated messaging content-driven and management system multi-technology platform from IBM in the U.S. The BigFix Console is one of the console components. A cross-site scripting vulnerability exists in the BigFix Console component and the BigFix Relay Diagnosti...

IBM Cognos Business Intelligence Cross-Site Scripting Vulnerability (CNVD-2018-08270)

IBM Cognos Business Intelligence BI is a suite of business intelligence software from IBM in the United States. The software includes reports, dashboards and scorecards, and can assist companies in adjusting their decisions by analyzing key factors and key stakeholders. A cross-site scripting...

XSS through header injection in the /browse/~raw resource - CVE-2018-5228

The /browse/raw resource in Atlassian Fisheye and Crucible before version 4.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the handling of response headers...

CVE-2018-1000163

Floodlight web console contains a Cross Site Scripting (XSS) flaw in version 1.2 and earlier. The vulnerability allows JavaScript injections when a victim browses the web console. Connected sources corroborate the XSS description but do not provide concrete exploit details, affected file paths, o...

CVE-2017-13678

Stored XSS vulnerability in the Symantec Advanced Secure Gateway ASG and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application...

Cross site scripting

Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the display url of a configured application link...

XSS in the agile wallboard gadget through quick filter names - CVE-2017-18100

The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the name of quick filters. h3. Workaround Disable the gadget. - Navigate to Administration Add-ons Manage add-ons and se...

WP Live Chat Support Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers running PHP and MySQL.WP Live Chat Support is one of the components that supports live chat. A cross-site scripting vulnerability exists...

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-08589)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability exists in...

CVE-2018-7035

Cross-site scripting XSS vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers users to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode ...

CVE-2018-7035

CVE-2018-7035 describes a Stored XSS in Gleez CMS (versions 1.2.0 and 2.0) where an attacker can inject JavaScript via HTML content in an editor. The issue is demonstrated when using the source editor in HTML mode during Add Blog, leading to Stored XSS when an Administrator edits the content. The...

CVE-2018-1188

Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x is affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially injec...

Wicket jQuery UI WYSIWYG Editor Vulnerability

Wicket jQuery UI is an API that provides all the jQuery UI integration . WYSIWYG editor is one of the editors . A security vulnerability exists in the WYSIWYG editor in Wicket jQuery UI versions 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier. An attacker can exploit the...

Kontena server/app/views/static/code.html page cross-site scripting vulnerability

Kontena is a suite of open source microservices platforms capable of running applications as containers. The 'kontena master login --remote' code on the server/app/views/static/code.html page in Kontena versions prior to 1.5.0 indicates a cross-site scripting vulnerability. A remote attacker coul...