5077 matches found

CNVD
added 2018/02/09 12:0 a.m., 2 views

IBM API Connect Cross-Site Scripting Vulnerability (CNVD-2018-03884)

IBM API Connect aka APIConnect is an integrated solution for managing the API lifecycle from IBM USA. The solution supports creating, running, managing and securing APIs, microservices and more. A cross-site scripting vulnerability exists in IBM API Connect versions 5.0.0.0 through 5.0.6.4, 5.0.7...

CVSS: 5.4, AI score: 6.5, EPSS: 0.00551
Exploits: 0, References: 1

CNVD
added 2018/02/07 12:0 a.m., 2 views

Atlassian Confluence Server Cross-Site Scripting Vulnerability (CNVD-2018-03444)

Atlassian Confluence Server is a suite of professional enterprise knowledge management and collaboration software from Atlassian Australia, which can also be used to build an enterprise wiki. The software enables collaboration and knowledge sharing amongst team members. A cross-site scripting...

CVSS: 6.1, AI score: 6.2, EPSS: 0.00825
Exploits: 0, References: 1

OSV
added 2018/02/02 2:29 p.m., 2 views

CVE-2017-18039

The IncomingMailServers resource in Atlassian Jira from version 6.2.1 before version 7.4.4 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter...

CVSS: 6.1, AI score: 5.4
Exploits: 0, References: 2

CVE
added 2018/02/02 2:0 p.m., 62 views

CVE-2017-18085

CVE-2017-18085 affects Atlassian Confluence Server prior to version 6.6.1, with a reflected XSS in the viewdefaultdecorator resource via the key parameter. Proof-of-impact details: arbitrary HTML/JavaScript can be injected. Affected products and versions are supported by multiple connected source...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00825
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2018/02/01 6:58 a.m., 15 views

Cross-site Scripting (XSS)

Simditor is vulnerable to cross-site scripting (XSS) attacks. The application does not properly sanitize the TEXTAREA element, allowing a malicious user to inject and execute arbitrary JavaScript...

CVSS: 6.1, AI score: 6, EPSS: 0.00689
Exploits: 1, References: 2, Affected Software: 1

CNVD
added 2018/01/29 12:0 a.m., 1 views

IBM Rational DOORS Web Access Cross-Site Scripting Vulnerability

IBM Rational DOORS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

CVSS: 5.4, AI score: 6.2, EPSS: 0.0096
Exploits: 0, References: 1

Veracode
added 2018/01/25 10:2 a.m., 18 views

Reflected Cross-site Scripting (XSS)

redis-commander is vulnerable to reflected cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through the highlighterId parameter in the web/static/jstree/docs/syntax/clipboard.swf file...

AI score: 6.1
Exploits: 0

0day.today
added 2018/01/24 12:0 a.m., 64 views

Oracle Financial Services Analytical Application XXE / XSS Vulnerabilities

Exploit for multiple platforms in category web applications. The Oracle Financial Services Analytical Application is affected by an XML External Entity (XXE) vulnerability which may lead to disclosing sensitive information. It is also affected by a reflected cross site scripting (XSS) issue. Vendor...

CVSS: 6.5, AI score: 7.2, EPSS: 0.01333
Exploits: 3

Prion
added 2018/01/23 3:29 p.m., 24 views

Cross site scripting

A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface, altering the content...

CVSS: 4.3, AI score: 6, EPSS: 0.02319
Exploits: 0, References: 2, Affected Software: 1

Debian CVE
added 2018/01/23 3:0 p.m., 15 views

CVE-2017-15092

A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and JavaScript code into the web interface, altering the content...

CVSS: 6.1, AI score: 6.3, EPSS: 0.02319
Exploits: 0

CNVD
added 2018/01/23 12:0 a.m., 2 views

Moodle cross-site scripting vulnerability (CNVD-2018-02376)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in version 3.x of Moodle. A remote attacke...

CVSS: 5.4, AI score: 6.4, EPSS: 0.0082
Exploits: 0, References: 1

Veracode
added 2018/01/18 6:14 a.m., 9 views

Arbitrary Code Execution

mathjs is vulnerable to arbitrary code execution through JavaScript injection. The vulnerability exists because arbitrary methods in Object.prototype can be called through validateSafeMethod...

AI score: 7.6
Exploits: 0

CNVD
added 2018/01/17 12:0 a.m., 2 views

Skybox Platform Cross-Site Scripting Vulnerability

Skybox Platform is an enterprise-grade network security management platform from US-based Skybox Security. The platform features attack vector analysis, firewall management, vulnerability and threat management, and more. A cross-site scripting vulnerability exists in the title, Comments, or Descripti...

CVSS: 5.4, AI score: 6.2, EPSS: 0.00523
Exploits: 1, References: 1

CNVD
added 2018/01/17 12:0 a.m., 2 views

PrestaShop Cross-Site Scripting Vulnerability

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop version 1.7.2.4. A remote...

CVSS: 5.4, AI score: 6.4, EPSS: 0.00531
Exploits: 0, References: 1

Veracode
added 2018/01/16 1:42 a.m., 8 views

Cross-site Scripting (XSS)

github.com/koding/koding is vulnerable to cross-site scripting (XSS) attacks. The application does not properly encode the about field in a user's profile, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score: 6.1
Exploits: 0

NVD
added 2018/01/12 2:29 p.m., 33 views

CVE-2017-14594

The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter...

CVSS: 6.1, AI score: 6, EPSS: 0.01059
Exploits: 0, References: 1

CNVD
added 2018/01/11 12:0 a.m., 1 views

Symantec ProxySG Cross-Site Scripting Vulnerability

Symantec ProxySG is a security gateway appliance from Symantec USA. A cross-site scripting vulnerability exists in Symantec ProxySG. A remote attacker could exploit this vulnerability by using a specially crafted management console to inject arbitrary JavaScript code into the management console's...

CVSS: 6.1, AI score: 6.4, EPSS: 0.01501
Exploits: 0, References: 1

CNVD
added 2018/01/11 12:0 a.m., 2 views

Symantec ASG and ProxySG Cross-Site Scripting Vulnerabilities

Symantec Advanced Secure Gateway (ASG) and ProxySG are both security gateway appliances from Symantec, Inc. The management console is one of the management consoles. A cross-site scripting vulnerability exists in the management console in Symantec ASG and ProxySG. A remote attacker could exploit this...

CVSS: 6.1, AI score: 6.4, EPSS: 0.01501
Exploits: 0, References: 1

Palo Alto Networks
added 2018/01/02 6:9 p.m., 7 views

Cross Site Scripting Vulnerability in PAN-OS GlobalProtect

A vulnerability exists in PAN-OS GlobalProtect when either the gateway or the portal is configured. This issue could allow for a cross-site scripting (XSS) attack. (Ref PAN-81586 / CVE-2017-15941) Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. Thi...

CVSS: 6.1, AI score: 6.1, EPSS: 0.01218
Exploits: 0, References: 1

Palo Alto Networks
added 2018/01/02 6:9 p.m., 5 views

Cross Site Scripting in PAN-OS Captive Portal

A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting (XSS) attack to be performed against clients viewing the captive portal page when configured in a certain way. (Ref PAN-85238 / CVE-2017-16878) Successful exploitation of this issue may allow an attacker to...

CVSS: 6.1, AI score: 6.1, EPSS: 0.01143
Exploits: 0, References: 1