The vulnerabilities of the components “/com.sap.portal.themes.integrity.personalization”, “/com.sap.portal.themes.integrity.url”, and “/com.sap.portal.themes.integrity.serverFrameworkCockpit” of the SAP NetWeaver software integration platform allow a malicious individual to inject arbitrary HTML tags into a page.

The vulnerability of the components “/com.sap.portal.themes.integrity.personalization”, “/com.sap.portal.themes.integrity.url”, and “/com.sap.portal.themes.integrity.serverFrameworkCockpit” of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the...

The vulnerability of the “/com.sap.portal.design.datamigration.LogPortalComponent” component of the SAP NetWeaver software integration platform allows a hacker to inject any HTML tags into the page.

The vulnerability of the “/com.sap.portal.design.datamigration.LogPortalComponent” component of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the structure of the web page. This vulnerability allows a malicious actor to inject arbitrary HTML...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34480)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34482)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

IBM Business Process Manager Cross-Site Scripting Vulnerability

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

Stored Cross-Site Scripting Vulnerability in the YoYo Housing App

YouYouGoodHouse app is a rental app created by Chengdu GoodHouse Technology Co. A stored cross-site scripting vulnerability exists in the "About Us" section of the YouYouHaoRooms app. An attacker can insert malicious js code into the page to obtain user cookies and other information, resulting in...

CVE-2017-14615

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

Design/Logic Flaw

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

CVE-2017-4926

VMware vCenter Server 6.5 prior to 6.5 U1 contains a vulnerability that may allow for stored cross-site scripting XSS. An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page...

Advanced Man In The Middle Framework: Xerosploit

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for penetration testing purposes. It brings various modules together that will help you perform very efficient attacks. You can also use it to perform denial of service attacks and port scanning. Powere...

Command injection

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell...

Cross-site Scripting (XSS)

automattic/jetpack is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript through the modules/shortcodes/polldaddy.php file as it does not properly sanitize the uniqueid parameter...

Apache OFBiz JavaScript Code Injection Vulnerability

Apache OFBiz is an enterprise resource planning system from the Apache Software Foundation in the United States. A security vulnerability in the Apache OFBiz processing form field allows remote attackers to exploit the vulnerability to submit a special request and execute arbitrary JavaScript cod...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

Default configuration

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

IBM Sametime Cross-Site Scripting Vulnerability (CNVD-2017-27544)

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A cross-site scripting vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. A remo...

CVE-2016-2975

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935...

IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-25505)

IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Curam SPM. A remote attacker can exploit this vulnerability to inject...