
5077 matches found

OSV
added 2018/01/01 6:29 a.m. | 2 views

CVE-2018-3810

Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...

CVSS 9.8 | AI score 6
Exploits: 0 | References: 4
Openbugbounty
added 2017/12/30 12:59 a.m. | 14 views

content.golfscape.com XSS vulnerability

Open Bug Bounty ID: OBB-467054

Description| Value
---|---
Affected Website:| content.golfscape.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS Cross Site Scripting / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention...

AI score 6.4
Exploits: 0
Prion
added 2017/12/20 6:29 p.m. | 15 views

Cross site scripting

IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692...

CVSS 3.5 | AI score 5.1 | EPSS 0.00804
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2017/12/20 3:29 p.m. | 3 views

CVE-2017-4940

The ESXi Host Client in VMware ESXi 6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG contains a vulnerability that may allow for stored cross-site scripting XSS. An attacker can exploit this vulnerability by injecting Javascript, which might get...

CVSS 6.1 | AI score 5.7 | EPSS 0.0091
Exploits: 0 | References: 2
CNVD
added 2017/12/14 12:0 a.m. | 1 views

IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2018-00664)

IBM iNotes also known as IBM Lotus iNotes is a set of Web-based e-mail software from IBM in the United States. The software helps different types of users online and offline users to effectively manage business-critical information and collaboration. A cross-site scripting vulnerability exists in...

CVSS 6.1 | AI score 6.3 | EPSS 0.01054
Exploits: 0 | References: 1
OSV
added 2017/12/13 6:29 p.m. | 4 views

CVE-2017-1546

IBM DOORS Next Generation DNG/RRC 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVSS 5.4 | AI score 5.4
Exploits: 0 | References: 3
OSV
added 2017/12/13 6:29 p.m. | 2 views

CVE-2017-1421

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS 6.1 | AI score 5.4 | EPSS 0.01054
Exploits: 0 | References: 4
RedhatCVE
added 2017/12/12 11:20 a.m. | 25 views

CVE-2017-11507

A cross site scripting XSS vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...

CVSS 6.1 | AI score 3.1 | EPSS 0.01029
Exploits: 1 | References: 1
Metasploit
added 2017/12/08 7:53 p.m. | 33 views

Samsung Internet Browser SOP Bypass

This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up. Thi...

CVSS 7.5 | AI score 0.2 | EPSS 0.78843
Exploits: 7
CNVD
added 2017/12/07 12:0 a.m. | 2 views

IBM Sterling File Gateway Cross-Site Scripting Vulnerability

IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A cross-site scripting vulnerability exists in IBM Sterling...

CVSS 5.4 | AI score 6.4 | EPSS 0.00777
Exploits: 0 | References: 1
Hacker One
added 2017/11/30 5:30 p.m. | 18 views

Ubiquiti Inc.: Stored XSS => community.ubnt.com

Due to an error in the user input validation process, it was possible to create posts in some forums on community.ubnt.com with arbitrary HTML code; a specially crafted message could inject JavaScript code on the page, resulting in stored XSS. A stored XSS issue was discovered in ubnt Community...

AI score 6.2
Exploits: 0
CNVD
added 2017/11/28 12:0 a.m. | 1 views

IBM DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-38359)

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

CVSS 5.4 | AI score 6.4 | EPSS 0.00729
Exploits: 0 | References: 1
Veracode
added 2017/11/27 2:18 a.m. | 6 views

Cross-site Scripting (XSS)

Concrete5 is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript through parameters in the conversation editor...

AI score 6
Exploits: 0
CNVD
added 2017/11/22 12:0 a.m. | 2 views

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37832)

IBM Rational DOORS Next Generation DNG and Rational Requirements Composer RRC are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...

CVSS 5.4 | AI score 6.5 | EPSS 0.00738
Exploits: 0 | References: 1
CNVD
added 2017/11/22 12:0 a.m. | 2 views

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37834)

IBM Rational DOORS Next Generation DNG and Rational Requirements Composer RRC are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...

CVSS 5.4 | AI score 6.5 | EPSS 0.00738
Exploits: 0 | References: 1
UbuntuCve
added 2017/11/15 12:0 a.m. | 26 views

CVE-2017-7840

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...

CVSS 6.1 | AI score 6.9 | EPSS 0.01143
Exploits: 0 | References: 3
OSV
added 2017/11/15 12:0 a.m. | 0 views

UBUNTU-CVE-2017-7840

JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...

CVSS 6.1 | AI score 7.3 | EPSS 0.01143
Exploits: 0 | References: 4
CNVD
added 2017/11/13 12:0 a.m. | 3 views

Home Assistant Cross-Site Scripting Vulnerability

Home Assistant is an open source platform for automated management of home network devices. A cross-site scripting vulnerability exists in versions of Home Assistant prior to 0.57. A remote attacker can exploit this vulnerability to inject JavaScript code via specially crafted Markdown text...

CVSS 6.1 | AI score 6.4 | EPSS 0.00772
Exploits: 0 | References: 1
OSV
added 2017/11/10 11:29 p.m. | 17 views

CVE-2017-16782

In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...

CVSS 6.1 | AI score 6.8
Exploits: 0 | References: 1
CVE
added 2017/11/10 11:0 p.m. | 47 views

CVE-2017-16782

CVE-2017-16782 affects Home Assistant prior to 0.57. It is a cross-site scripting (XSS) vulnerability in the persistent notification rendering, where crafted Markdown text can inject JavaScript. The root cause is improper sanitization in Markdown rendering for notifications, enabling arbitrary sc...

CVSS 6.1 | AI score 6.2 | EPSS 0.00772
Exploits: 0 | References: 1 | Affected Software: 1