CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

Cross site scripting

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...

Flyspray Stored Cross-Site Scripting Vulnerability

Flyspray is a lightweight, web-based, bug tracking system written in PHP to assist in software development and project management. Flyspray suffers from a stored cross-site scripting vulnerability, which allows an authenticated user to gain administrator privileges by injecting JavaScript via the...

dotCMS Stored Cross-Site Scripting Vulnerability

dotCMS is a content management system CMS from the United States dotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in the vanity-urls Title field in dotCMS version 4.1.1, which originat...

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

Magento E-Commerce Platform Cross-Site Scripting Vulnerability

Magento E-Commerce Platform is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A cross-site scripting vulnerability exists in Magento E-Commerce Platform version 1.9.0.1. ...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33349)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33346)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33353)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

CVE-2017-9537

SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...

CVE-2017-14957

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...

CVE-2017-14957

CVE-2017-14957 is a stored XSS vulnerability in BlogoText prior to 3.7.6. The attack path is through a comment in inc/conv.php, allowing an unauthenticated attacker to inject JavaScript. If the victim is an administrator, the attacker can alter global settings or create/delete posts; it can also ...

Cross site scripting

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

eGroupWare Stored Cross-Site Scripting Vulnerability

eGroupWare is a multi-user, WEB-based workware suite developed on the basis of customization sets on a PHP-based API. A stored cross-site scripting vulnerability exists in eGroupWare, which allows remote attackers to inject JavaScript via the User-Agent HTTP header which is incorrectly handled...

Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30082)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30081)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

Tine 2.0 Stored Cross-Site Scripting Vulnerability

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which can be exploited by authenticated users to inject JavaScript...

CVE-2017-14923

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

CVE-2017-14922

CVE-2017-14922 describes a stored XSS in Tine 2.0 Community Edition prior to 2017.08.4. An authenticated user can inject JavaScript via an IMG element in History views (Profile, Calendar, Tasks, CRM); the payload is mishandled during rendering by admins and other users. The affected software is T...

Cross-Site Scripting (XSS)

Pypeline is vulnerable to cross-site scriptingXSS attacks. The Python library allows the passing of Javascript to the Markup processor...