CVE-2018-15511
Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML...
PT-2019-9614 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 versions prior to 5.3.2.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the cf_title parameter, also known as the "homepage title" parameter, in the adm/config_form_update.php file. This...
CVE-2019-8444
The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in image attribute specification...
CVE-2019-4483
IBM Contract Management 10.1.0 through 10.1.3 and IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IB...
Cross-Site Scripting (XSS)
Apache Tomcat is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the Name or Value parameter in the error messages...
Cross site scripting
A cross-site scripting (XSS) vulnerability in resource view in PayAction.class.php in D-Link Central WiFi Manager CWM100 before v1.03R0100BETA6 allows remote attackers to inject arbitrary web script or HTML via the index.php/Pay/passcodeAuth passcode parameter...
CVE-2018-14864
Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web script via a crafted attachment...
CVE-2018-1845
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 150905...
Hardcoded credentials
In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User...
CVE-2019-5938
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.1 allows remote attackers to inject arbitrary web script or HTML via the application 'Mail'...
CVE-2018-16139
Cross-site scripting (XSS) vulnerability in BIBLIOsoft BIBLIOpac 2008 allows remote attackers to inject arbitrary web script or HTML via the db or action parameter to bin/wxis.exe/bibliopac/...
CVE-2018-15530
Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code...
Cross site scripting
Cross-site scripting (XSS) in the web interface of the Xerox ColorQube 8580 allows remote persistent injection of custom HTML / JavaScript code...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in HTMLy 2.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) destination parameter to delete feature; the (2) destination parameter to edit feature; (3) content parameter in the profile feature...
CVE-2019-3562
CVE-2019-3562 details (from connected records): a remote HTML-injection flaw in the Oculus Browser affecting versions 5.2.7–5.7.11, allowing a malicious page to spoof the UI and potentially execute code. The documents do not provide remediation steps or confirmation of exploitation in the wild; n...
CVE-2019-10887
A reflected HTML injection vulnerability on Salicru SLC-20-cube35 devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name=...
Snipe-IT Cross-Site Scripting Vulnerability
Snipe-IT is an open source IT asset/license management system. A cross-site scripting vulnerability exists in Snipe-IT versions prior to 4.6.14. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Adrenalin eSystems HRMS Software Cross-Site Scripting Vulnerability
Adrenalin eSystems HRMS Software is a human resource management system from Adrenalin eSystems India. A cross-site scripting vulnerability exists in the RPT/SSRSDynamicEditReports.aspx page in Adrenalin eSystems HRMS Software version 5.4. A remote attacker can exploit this vulnerability to inject...