
5077 matches found

Veracode
added 2019/01/04 6:11 a.m., 16 views

Cross-Site Scripting (XSS)

dolibarr is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a victim's browser via the transphrase parameter in notice.php due to the application not performing output encoding before displaying on the user's browser...

CVSS: 6.1, AI score: 5.9, EPSS: 0.01417
Exploits: 0, References: 1, Affected Software: 1

CNVD
added 2018/12/27 12:0 a.m., 2 views

Q'center Virtual Appliance Cross-Site Scripting Vulnerability

QNAP Q'center Virtual Appliance is a virtual appliance from QNAP Systems for deploying Q'center QNAP NAS Management Platform in virtual environments such as Microsoft Hyper-V, VMware ESXi and Workstation. A cross-site scripting vulnerability exists in QNAP Q'center Virtual Appliance version...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00772
Exploits: 0, References: 1

OSV
added 2018/12/26 4:29 p.m., 4 views

CVE-2018-0723

Cross-site scripting (XSS) vulnerability in Q'center Virtual Appliance 1.8.1014 and earlier versions could allow remote attackers to inject Javascript code in the compromised application, a different vulnerability than CVE-2018-0724...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00772
Exploits: 0, References: 1

BDU FSTEC
added 2018/12/20 12:0 a.m., 3 views

The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.

The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00968
Exploits: 0, References: 5, Affected Software: 1

BDU FSTEC
added 2018/12/20 12:0 a.m., 4 views

The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.

The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...

CVSS: 6.1, AI score: 6.5, EPSS: 0.01325
Exploits: 0, References: 5, Affected Software: 1

BDU FSTEC
added 2018/12/20 12:0 a.m., 4 views

The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.

The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...

CVSS: 5.4, AI score: 6.1, EPSS: 0.01068
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2018/12/13 10:29 p.m., 2 views

CVE-2018-5411

Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert Javascript into...

CVSS: 5.4, AI score: 5.8
Exploits: 0, References: 2

Veracode
added 2018/12/03 4:42 a.m., 10 views

Cross-Site Scripting (XSS)

dnn.platform is vulnerable to cross-site scripting. The return URL is not sanitized which allows for remote attackers to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

AI score: 6.5
Exploits: 0

OSV
added 2018/11/30 2:29 p.m., 2 views

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00772
Exploits: 0, References: 1

CNVD
added 2018/11/29 12:0 a.m., 1 views

IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2018-24367)

IBM Rational Collaborative Lifecycle Management CLM and so on are the products of IBM Corporation in the U.S.A. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions. Rational IBM Rational Collaborative Lifecycle Management CLM is a collaborative...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00968
Exploits: 0, References: 1

CNVD
added 2018/11/28 12:0 a.m., 2 views

QNAP QTS Cross-Site Scripting Vulnerability (CNVD-2018-24263)

QNAP QTS is a Turbo NAS operating system from QNAP Systems. The system provides file storage, management, backup, multimedia applications and security monitoring. A cross-site scripting vulnerability exists in QNAP QTS version 4.2.6 build 20180711 and earlier, 4.3.3 build 20180725 and earlier, an...

CVSS: 5.5, AI score: 6.1, EPSS: 0.00759
Exploits: 0, References: 1

OSV
added 2018/11/27 8:29 p.m., 2 views

CVE-2018-0719

Cross-site Scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject javascript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00759
Exploits: 0, References: 1

OSV
added 2018/11/27 6:29 p.m., 2 views

CVE-2018-12241

The Symantec Security Analytics SA 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks ...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00999
Exploits: 0, References: 2

Veracode
added 2018/11/21 4:4 a.m., 6 views

Cross-site Scripting (XSS)

bootstrap-datepicker is vulnerable to a cross-site scripting (XSS) attack. The library does not properly handle the jQuery for the date container, allowing a malicious user to inject arbitrary Javascript...

AI score: 5.8
Exploits: 0

Veracode
added 2018/11/20 1:23 a.m., 21 views

Cross-Site Scripting (XSS)

validator is vulnerable to cross-site scripting. A remote attacker is able to bypass XSS filters via nested forbidden strings to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user...

CVSS: 6.1, AI score: 5.8, EPSS: 0.01842
Exploits: 0, References: 2, Affected Software: 2

BDU FSTEC
added 2018/11/20 12:0 a.m., 3 views

The vulnerability of the login page of the GlobalProtect firewall’s web interface allows a hacker to inject arbitrary JavaScript or HTML code.

The vulnerability of the login page of the GlobalProtect web interface in the PAN-OS operating system arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code...

CVSS: 7.3, AI score: 5.6, EPSS: 0.03883
Exploits: 0, References: 3, Affected Software: 1

Veracode
added 2018/11/19 7:20 a.m., 47 views

Cross-site Scripting (XSS)

notebook is vulnerable to a cross-site scripting (XSS) attack. The library does not properly sanitize URLs passed through a directory name, allowing a malicious user to inject and execute arbitrary Javascript...

CVSS: 6.1, AI score: 5.9, EPSS: 0.01323
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2018/11/16 8:4 a.m., 22 views

Cross-Site Scripting (XSS)

flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the callback parameter in the Flash fallback feature, allowing the attacker to steal session tokens or perform unwanted actions on behalf of the user. This...

CVSS: 4.3, AI score: 5.8, EPSS: 0.02405
Exploits: 1, References: 2, Affected Software: 1

Veracode
added 2018/11/16 6:48 a.m., 26 views

Cross-Site Scripting (XSS)

Plupload is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the id parameter to steal session tokens or perform unwanted actions on behalf of the user...

CVSS: 4.3, AI score: 5.9, EPSS: 0.03135
Exploits: 1, References: 4, Affected Software: 1

Veracode
added 2018/11/16 2:4 a.m., 24 views

Cross-Site Scripting (XSS)

DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user via the dnnVariable parameter to the default URI...

CVSS: 4.3, AI score: 5.9, EPSS: 0.02456
Exploits: 2, References: 5, Affected Software: 3