CVE-2018-11415
SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product...
PHP ext/phar/phar_object.c file suffers from a reflected cross-site scripting vulnerability
PHP (PHP: Hypertext Preprocessor) is an open source general-purpose scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and program extensions written in C, C++ and so on. A...
WordPress plugin "PixelYourSite" vulnerable to cross-site scripting
Overview: The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability (CWE-79). Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitra...
CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...
CVE-2018-1347
The administrative web interface in NetIQ iManager, versions prior to 3.1, is vulnerable to reflected cross site scripting...
CVE-2017-14801
Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back XSS into the called page using the URL parameter...
ALPINE-CVE-2018-5712
An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file...
keycloak: reflected XSS using HOST header
It was found that keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server...
CVE-2017-1000033
WordPress Plugin Vospari Forms version 1.4 is vulnerable to a reflected cross site scripting in the form submission resulting in JavaScript code execution in the context of the current user...
Reflected Cross-site Scripting Vulnerability in the Commondownloadtype Parameter of Zhiyuan OA System
Zhiyuan A6-m Collaborative Management Software Enterprise Edition is a collaborative management software for small and medium-sized enterprises, Zhiyuan A6-s Collaborative Management Software is a set of collaborative office management software that can help small and micro-organizations of...
5: stored and reflected XSS vulnerabilities
Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users...
Satellite: Spacewalk contains multiple XSS (stored and reflected)
Stored and reflected cross-site scripting (XSS) flaws were found in the way spacewalk-java displayed certain information. By sending a specially crafted request to Satellite, a remote, authenticated attacker could embed HTML content into the stored data, allowing them to inject malicious content in...