3009 matches found
CVE-2016-4566
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. NOTE: this vulnerability exists because of an...
phpMyAdmin Multiple Vulnerabilities -01 (May 2016) - Linux
phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...
phpMyAdmin Multiple XSS Vulnerabilities (PMASA-2016-11) - Windows
phpMyAdmin is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Code injection
The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data...
CVE-2016-2010
Summary: CVE-2016-2010 is a cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi). The issue affects NNMi versions 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 and could allow a remote authenticated user to inject arbitrary web script or HTML via unspecified vectors. The conne...
Getdpd Bug Bounty Application-Side Cross-Site Scripting Vulnerability
DPD is an all-in-one shopping cart and digital fulfillment service for downloadable products. An application-side cross-site scripting vulnerability exists in the Getdpd online service. A remote attacker could inject malicious code into an affected application module...
CVE-2016-1916
CVE-2016-1916 affects BlackBerry Enterprise Server (BES) Management Console in BES 12.x
The vulnerability of the microprogramming software of the Storeonce Backup backup system allows an intruder to inject arbitrary Web or HTML code.
The vulnerability of Storeonce Backup’s microprogramming software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
CVE-2016-2228
Cross-site scripting (XSS) vulnerability in horde/templates/topbar/menubar.html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter, as demonstrated by a request to...
CVE-2016-2163
Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event...
Docker UI v0.10.0 - Multiple Persistent Vulnerabilities
Document Title: Docker UI v0.10.0 - Multiple Persistent Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1803. Release Date: 2016-03-29. Vulnerability Laboratory ID (VL-ID): 18...
The vulnerability of the SAP NetWeaver software integration platform allows a hacker to inject any Web or HTML code.
The vulnerability of the SAP NetWeaver software integration platform exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
The vulnerability of the Adobe Connect instant messaging program allows a hacker to inject arbitrary Web or HTML code.
The vulnerability of the Adobe Connect instant messaging program exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
ownCloud Multiple Vulnerabilities (Mar 2016) - Linux
ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...
The vulnerability of the application interface of IBM WebSphere Portal servers allows a hacker to inject any Web or HTML code.
The vulnerability of the application interface of the IBM WebSphere Portal server exists due to the lack of measures taken to protect the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...
Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-01250)
Cybozu Office is a web-based cross-platform office solution developed by Cybozu Japan. A cross-site scripting vulnerability in Cybozu Office versions 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-7580
Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...
CVE-2015-7578
CVE-2015-7578 is a cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem, prior to version 1.0.3, used with Ruby on Rails 4.2.x and 5.x. The issue allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes due to inadequate sanitization. Exploitat...
The vulnerability of the SAP HANA database management system allows a hacker to inject arbitrary ABAP code.
The vulnerability of the SAP HANA database management system is related to incorrect code generation. Exploiting this vulnerability allows a malicious actor to inject arbitrary ABAP code remotely...