CVE-2017-9509

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the charset of a previously uploaded file...

CVE-2017-9508

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

Cross-Site Scripting Vulnerability in Mythos™ Documentation Management System

Mythos™ Document Management System is a library management reference platform with a professional database as the backend data storage on Windows or UNIX/Linux platform. A cross-site scripting vulnerability exists in the Mythic™ document management system, which can be exploited by remote attacke...

The vulnerability of the application interface of the IBM WebSphere Portal server allows a hacker to gain access to user credentials.

The vulnerability of the IBM WebSphere Portal application’s user interface exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to gain access to user credentials by injecting arbitrary JavaScript code into the Web UI...

OSNEXUS QuantaStor v4 Virtual Appliance Cross-Site Scripting Vulnerability

OSNEXUS QuantaStor v4 virtual appliance is a virtual storage appliance from OSNEXUS USA. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor v4 virtual appliance versions prior to 4.3.1. A remote attacker can exploit this vulnerability to inject arbitrary HTML or JavaScript code...

Stored Cross-Site Scripting Vulnerability in DocCMS x1.0

DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. DocCMS x1.0 online message at the...

CVE-2017-7799

JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting XSS attack...

IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2017-27829)

IBM iNotes also known as IBM Lotus iNotes is the United States IBM's set of Web-based e-mail software. A cross-site scripting vulnerability exists in IBM iNotes versions 8.5 and 9.0. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Content Navigator Cross-Site Scripting Vulnerability

IBM Content Navigator enhances your business processes, improves productivity and increases customer engagement by transforming the way content is accessed, delivered and presented. A cross-site scripting vulnerability exists in IBM Content Navigator, which allows an attacker to embed arbitrary...

IBM Worklight Cross-Site Scripting Vulnerability

IBM Worklight is a suite of solutions for developing, testing, managing and securing HTML5, hybrid and native mobile applications from IBM USA. A cross-site scripting vulnerability exists in IBM Worklight. A remote attacker can inject arbitrary JavaScript code into the Web UI...

MantisBT admin/install.php file cross-site scripting vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team . The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the admin/install.php file in versions 2.x prior to MantisBT 2.5.2 an...

CVE-2017-12061

An XSS issue was discovered in admin/install.php in MantisBT before 1.3.12 and 2.x before 2.5.2. Some variables under user control in the MantisBT installation script are not properly sanitized before being output, allowing remote attackers to inject arbitrary JavaScript code, as demonstrated by...

IIBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2017-21252)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

PT-2017-2624

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal and Web Content Manager versions 7.0 through 9.0 Description The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure...

Cagintranet Networks GetSimple CMS Cross-Site Scripting Vulnerability

Cagintranet Networks GetSimple CMS is an XML-based content management system CMS from Cagintranet Networks, USA. The system includes a theme selector and editor, component editor, image and file managers, and more. A cross-site scripting vulnerability exists in Cagintranet Networks GetSimple CMS...

NexusPHP Cross-Site Scripting Vulnerability (CNVD-2017-26595)

NexusPHP is a resource sharing community solution written in PHP developed by the Nexus team in China. A cross-site scripting vulnerability exists in NexusPHP version 1.5. A remote attacker can use the javascript: or data: URL in the UBBCode url tag to inject arbitrary web script or HTML...

IBM Rational Software Architect Design Manager Cross-Site Scripting Vulnerability

IBM Rhapsody Design Manager DM is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models, as well as software to automate design reviews. A cross-site...

IBM Rhapsody DM Cross-Site Scripting Vulnerability

IBM Rhapsody Design Manager DM is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models, as well as software to automate design reviews. A cross-site...

IBM WebSphere Application Server Cross-Site Scripting Vulnerability (CNVD-2017-25756)

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM WAS. A...