Synology DiskStation Manager Improper Escape Neutralization Vulnerability

Synology DiskStation Manager DSM is an operating system for use on Network Storage Servers NAS from Synology. The operating system manages information such as data, files, photos, music, and more. An improper escape neutralization vulnerability exists in Log Exporter in Synology DSM versions prio...

WSTMart Product Inquiry Component Cross-Site Scripting Vulnerability

WSTMart is a set of e-commerce system of Guangzhou Shangtao Information Technology Co. A cross-site scripting vulnerability exists in the product consultation component of WSTMart version 2.0.8181212, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help ...

CVE-2018-8918

Cross-site scripting XSS vulnerability in info.cgi in Synology Router Manager SRM before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

Micro Focus NetIQ eDirectory Cross-Site Scripting Vulnerability

Micro Focus NetIQ eDirectory is an identity management infrastructure platform from Micro Focus UK that combines identity management architecture and directory services technology. The platform provides authentication policies, data backup and recovery services, and data disaster recovery. A...

Cross-Site Scripting (XSS)

phpmyadmin is vulnerable to cross-site scripting XSS. The attack exists because the database\table names in navigation tree are not properly escaped and allows a remote attacker to inject arbitrary Javascript into a victim's browser...

CVE-2018-0716

Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject Javascript code in the compromised application...

XiaoCms Cross-Site Scripting Vulnerability

XiaoCms is a lightweight content management system CMS based on PHP and MySQL and capable of running on Linux, Windows and other platforms. A cross-site scripting vulnerability exists in XiaoCms version 20141229, which can be exploited by remote attackers to inject arbitrary web script or HTML vi...

The vulnerability of the SSL VPN web portal’s login page in the operating system FortiOS allows a hacker to inject arbitrary JavaScript or HTML code.

The vulnerability of the SSL VPN web portal’s login page in the operating system FortiOS arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...

The vulnerability of the DHCP Monitor web interface of the FortiOS operating system allows a hacker to inject arbitrary JavaScript or HTML code.

The vulnerability of the DHCP Monitor web interface of the FortiOS operating system arises due to insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code remotely...

SEMCMS cross-site scripting vulnerability (CNVD-2019-01719)

SEMCMS is a foreign trade web content management system CMS that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by a remote attacker to inject arbitrary Web script or HTML into the copyright text box of the admin/SEMCMSMain.p...

SEMCMS Cross-Site Scripting Vulnerability (CNVD-2019-01722)

SEMCMS is a foreign trade web content management system CMS that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by remote attackers to inject arbitrary Web script or HTML with the help of admin/SEMCMSDownload.php?lgid=1 URI...

Adrenalin HRMS Cross-Site Scripting Vulnerability

Adrenalin HRMS is a human resource management system from Adrenalin eSystems, India. A cross-site scripting vulnerability exists in the ApplicationtEmployeeSearch page in Adrenalin HRMS version 5.4.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the...

Leanote cross-site scripting vulnerability (CNVD-2018-21793)

Leanote is an open source notepad application. A cross-site scripting vulnerability exists in the Blog Basic Setting page in Leanote version 2.6.1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the title field...

CVE-2018-7427

Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML vi...

OwnTicket SQL Injection Vulnerability

OwnTicket is a workflow management system. A SQL injection vulnerability exists in OwnTicket version 2018-05-23. A remote attacker can exploit the vulnerability to execute arbitrary SQL commands with the help of 'showTicketId' or 'editTicketStatusId' parameters...

WordPress wp-live-chat-support plugin cross-site scripting vulnerability (CNVD-2020-28776)

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. wp-live-chat-support plugin is used in one of the live chat plugin . A cross-site scripting vulnerability exists ...

PYSEC-2018-47

Cross-site scripting XSS vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2018-20546)

IBM Rational Quality Manager RQM is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

ZTE MF65 and ZTE MF65M1 Cross-Site Scripting Vulnerability

The ZTE MF65 and ZTE MF65M1 are both wireless Internet access card products from ZTE Corporation ZTE of China. A cross-site scripting vulnerability exists in the ZTE MF65 version prior to V1.0.0B05 and the ZTE MF65M1 version prior to V1.0.0B02, which stems from the program failing to properly...

RICOH MP C1803 JPN Printer Cross-Site Scripting Vulnerability

The RICOH MP C1803 JPN is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the add address area of the RICOH MP C1803 JPN printer. A remote attacker can exploit this vulnerability by sending the 'entryNameIn' parameter to the...