5963 matches found
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...
CVE-2017-12979
DokuWiki (until 2017-02-19c) is affected by CVE-2017-12979 due to stored XSS in /inc/parser/xhtml.php when rendering a malicious language name inside a code element. Exploitation requires an attacker to create or edit a wiki page to trigger JavaScript execution. The issue is a server-side renderi...
CVE-2017-12979
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...
CVE-2017-12980
DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...
IBM InfoSphere Streams Cross-Site Scripting Vulnerability
IBM InfoSphere Streams is a suite of data analytics platforms from IBM in the United States. The platform enables user-developed applications to quickly access, analyze and correlate information from multiple real-time sources. A cross-site scripting vulnerability exists in IBM InfoSphere Streams...
Wordpress Vospari Forms plugin cross-site scripting vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . wordpress Vospari Forms is one of the registration form plugin . form submission is one of the form submission...
CVE-2017-11727
services/systemio/actionprocessor/Contact.rails in ConnectWise Manage 2017.5 allows arbitrary client-side JavaScript code execution involving a ContactCommon field on victims who click on a crafted link, aka XSS...
Roundcube Webmail Cross-Site Scripting Vulnerability (CNVD-2017-18573)
RoundCube Webmail is a browser-based IMAP client mail client that supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail version 1.1.5. A remote attacker can exploit this vulnerability to execute JavaScript...
CVE-2017-1000033
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
CVE-2017-1000033
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
CVE-2017-1000038
WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored XSS resulting in attacker being able to execute JavaScript on the affected site...
Cross site scripting
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
CVE-2017-1000033
Wordpress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in javascript code execution in the context on the current user...
Microsoft SharePoint Server CVE-2017-8569 Remote Privilege Escalation Vulnerability
Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attackers may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microso...
A vulnerability in the web console of the Antivirus Casper 8.0 anti-virus software allows for the transfer of JavaScript code executed by the client browser.
The vulnerability of the Antivirus Kaspersky 8.0 web console for Linux File Servers relates to the execution of scripts across sites. Exploiting this vulnerability allows a malicious actor to inject JavaScript code through a specially crafted GET request, with the JavaScript code specified in the...
Mail.ru: XSS bypass Script execute,Read any file,execute any javascript code--UXSS
Mail attachment XSS bypass vulnerability--UXSS Vulnerability impact: Mail.Ru Mail for iOS MyMail for iOS explain: Mail app supports HTML attachments, however,Cannot execute javascript. for example alert/xss/ These statements can not be executed in the html attachments...LOL However, the addition ...
Rapid7 Metasploit Editions Cross-Site Scripting Vulnerability
Rapid7 Metasploit is an open source security vulnerability detection tool from Rapid7, Inc. Metasploit Express, Community and Pro are different versions. A cross-site request forgery vulnerability exists in Rapid7 Metasploit Express, Community, and Pro, which stems from the program failing to...
Gratipay: CSP Policy Bypass and javascript execution Still Not Fixed
Summary Content Security Policy CSP is a computer security standard introduced to prevent cross-site scripting XSS, clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. CSP provides a standard method for website owners to...