5053 matches found
CVE-2017-3948
Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session...
Vaadin Framework 7.7.6 - 7.7.9 Javascript Injection Vulnerability
Vaadin Framework is prone to a JavaScript injection vulnerability. CPE = "cpe:/a:vaadin:vaadin"...
IBM RCLM and RELM Cross-Site Scripting Vulnerabilities
IBM Rational Collaborative Lifecycle Management (RCLM) provides requirements management, quality management, change and configuration management, and project planning and tracking. IBM Rational Engineering Lifecycle Manager (RELM) visualizes, analyzes, and organizes engineering lifecycle data and data...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2017-11422)
IBM Rational Collaborative Lifecycle Management (CLM) and Rational Quality Manager (RQM) are both products of the U.S. company IBM. The former is a collaborative lifecycle management solution; the latter is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability...
IBM Rational Collaborative Lifecycle Management and Rational Quality Manager Cross-Site Scripting Vulnerability
IBM Rational Collaborative Lifecycle Management (CLM) and Rational Quality Manager (RQM) are both products of the U.S. company IBM. The former is a collaborative lifecycle management solution; the latter is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability...
IBM Rational Collaborative Lifecycle Management and Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-11424)
IBM Rational Collaborative Lifecycle Management (CLM) and Rational Quality Manager (RQM) are both products of the U.S. company IBM. The former is a collaborative lifecycle management solution; the latter is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability...
CVE-2017-9451
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs...
IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-08547)
IBM Rational DOORS Next Generation DNS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently and share unified user, server and project...
CVE-2017-9420
Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...
Contiki Operating System cc26xx-web-demo Cross-Site Scripting Vulnerability
Contiki Operating System is a small, open source, extremely portable multitasking operating system. cc26xx-web-demo is the application used to connect to cloud services. A cross-site scripting vulnerability exists in the MQTT/IBM Cloud Config page (a.k.a. mqtt.html) of cc26xx-web-demo in the Contik...
Stored Cross-Site Scripting Vulnerability in Zibo Shining Network Technology Co. Ltd.'s Flash Website Building System
Flash CMS is a flash website system developed by Zibo Flash Network Technology Co. There is a stored cross-site scripting vulnerability in the flash CMS of Zibo Shining Network Technology Co. Attackers can use this vulnerability to insert malicious js code in the page, obtain user cookies and oth...
F5 BIG-IP APM Cross-Site Scripting Vulnerability
The F5 BIG-IP is a load balancer that uses a variety of distribution algorithms to distribute network requests to available servers in a server cluster, enabling network visitors to have the best possible networking experience by managing incoming Web data traffic and increasing effective network...
CVE-2016-9257
In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to...
Cross-site Scripting (XSS)
github.com/gogits/gogs is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize its user input, allowing a malicious user to inject and execute arbitrary JavaScript...
Cross-Site Scripting in PAN-OS
A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting (XSS) attack. PAN-OS does not properly validate specific request parameters. (Ref PAN-70674 / CVE-2017-7409) Successful exploitation of this issue may allow an attacker to inject arbitrar...
CVE-2016-3031
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
CVE-2016-8935
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Mail.ru: Stored XSS in e.mail.ru (payload affect multiple users)
Hi, we have found a high-risk stored XSS in the e.mail.ru chat. The status change function allows injecting a malicious payload in JavaScript & HTML. The attack affects multiple users and runs in auto mode, with no need for user interaction. The vulnerability affects any user that has been invited to your chat...
Shimmie Cross-Site Scripting Vulnerability
Shimmie is a danbooru style image board that is easy to install, run and extend. Shimmie suffers from a cross-site scripting vulnerability that arises due to a failure to effectively filter user-submitted data, allowing an attacker to plant arbitrary JavaScript code on the target website to obtai...
Unspecified Cross-Site Scripting Vulnerability in SAP BusinessObjects Web Intelligence
SAP BusinessObjects is a product line developed by the German company SAP that provides a variety of business intelligence software, information management software, enterprise performance management solutions, and regulatory, risk and compliance solutions. An unspecified cross-site scripting vulnerability exists in SAP...