CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

Magento E-Commerce Platform Cross-Site Scripting Vulnerability

Magento E-Commerce Platform is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A cross-site scripting vulnerability exists in Magento E-Commerce Platform version 1.9.0.1. ...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33349)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33353)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33346)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

CVE-2017-9537

SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...

CVE-2017-14957

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...

CVE-2017-14957

CVE-2017-14957 is a stored XSS vulnerability in BlogoText prior to 3.7.6. The attack path is through a comment in inc/conv.php, allowing an unauthenticated attacker to inject JavaScript. If the victim is an administrator, the attacker can alter global settings or create/delete posts; it can also ...

Cross site scripting

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30082)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

Tine 2.0 Stored Cross-Site Scripting Vulnerability

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which can be exploited by authenticated users to inject JavaScript...

Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30081)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

eGroupWare Stored Cross-Site Scripting Vulnerability

eGroupWare is a multi-user, WEB-based workware suite developed on the basis of customization sets on a PHP-based API. A stored cross-site scripting vulnerability exists in eGroupWare, which allows remote attackers to inject JavaScript via the User-Agent HTTP header which is incorrectly handled...

CVE-2017-14923

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

CVE-2017-14922

CVE-2017-14922 describes a stored XSS in Tine 2.0 Community Edition prior to 2017.08.4. An authenticated user can inject JavaScript via an IMG element in History views (Profile, Calendar, Tasks, CRM); the payload is mishandled during rendering by admins and other users. The affected software is T...

Cross-Site Scripting (XSS)

Pypeline is vulnerable to cross-site scriptingXSS attacks. The Python library allows the passing of Javascript to the Markup processor...

The vulnerability of the “/com.sap.portal.design.datamigration.LogPortalComponent” component of the SAP NetWeaver software integration platform allows a hacker to inject any HTML tags into the page.

The vulnerability of the “/com.sap.portal.design.datamigration.LogPortalComponent” component of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the structure of the web page. This vulnerability allows a malicious actor to inject arbitrary HTML...

The vulnerabilities of the components “/com.sap.portal.themes.integrity.personalization”, “/com.sap.portal.themes.integrity.url”, and “/com.sap.portal.themes.integrity.serverFrameworkCockpit” of the SAP NetWeaver software integration platform allow a malicious individual to inject arbitrary HTML tags into a page.

The vulnerability of the components “/com.sap.portal.themes.integrity.personalization”, “/com.sap.portal.themes.integrity.url”, and “/com.sap.portal.themes.integrity.serverFrameworkCockpit” of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34480)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34482)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...