ThinkSAAS Cross-Site Scripting Vulnerability (CNVD-2018-14998)
ThinkSAAS is an open source community development system based on PHP and MySQL. A cross-site scripting vulnerability exists in ThinkSAAS 2018-07-25 and earlier versions. A remote attacker can exploit the vulnerability by sending the 'groupdesc' parameter to the index.php?app=group&ac=create&ts=d...
Cross site scripting
Cross-Site Scripting (XSS) vulnerability in every page that includes the "action" URL parameter in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the action parameter...
CVE-2018-0614
Cross-site scripting vulnerability in NEC Platforms Calsos CSDX and CSDJ series products CSDX 1.37210411 and earlier, CSDXP 4.37210411 and earlier, CSDXD 3.37210411 and earlier, CSDXS 2.37210411 and earlier, CSDJ-B 01.03.00 and earlier, CSDJ-H 01.03.00 and earlier, CSDJ-D 01.03.00 and earlier,...
Open-Audit Cross-Site Scripting Vulnerability (CNVD-2018-14230)
Open-AudIT is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. Open-AudIT Community is its community version. A cross-site scripting vulnerability exists in the Groups page in Open-Audit Community version 2.2.6. A...
CVE-2018-14512
An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the formnickname parameter to the index.php?m=core&f=set&v=sendmail URI. When the administrator accesses the "system settings - mail server"...
WUZHI CMS Cross-Site Scripting Vulnerability (CNVD-2018-14090)
WUZHI CMS is an open source content management system (CMS) based on PHP and MySQL, developed by China's Five Fingers (WUZHI) Internet technology company. A cross-site scripting vulnerability exists in WUZHI CMS version 4.1.0. A remote attacker can inject arbitrary Web script or HTML by sending the 'formnickname'...
MetInfo Cross-Site Scripting Vulnerability (CNVD-2018-14100)
MetInfo is a content management system (CMS) developed using PHP and MySQL by China Mito Information Technology Ltd. A cross-site scripting vulnerability exists in MetInfo version 6.0.0. A remote attacker can inject arbitrary script or HTML by modifying the name of the navigation bar on the homepag...
Input validation
A vulnerability in the vManage dashboard for the configuration and management service of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to inject and execute arbitrary commands with vmanage user privileges on an affected system. The vulnerability is due to insufficient...
Bootstrap Cross-Site Scripting Vulnerability (CNVD-2018-13371)
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. A cross-site scripting vulnerability exists in the data-container attribute of tooltip in versions of Bootstrap prior to 4.1.2. A remote attacker can exploit this vulnerability to inject arbitrary web...
CVE-2018-10231
Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2017-16710
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2018-19530)
IBM Rational Collaborative Lifecycle Management (CLM) is a set of collaborative lifecycle management solutions. Rational Quality Manager (RQM) is a set of collaborative, web-based quality management solutions. IBM Rational Collaborative Lifecycle Management CLM is a collaborative lifecycle management...
ruby-grape ruby gem cross-site scripting vulnerability
ruby-grape ruby gem is a framework for creating REST-like APIs in Ruby. A cross-site scripting vulnerability exists in the ruby-grape ruby gem. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'format' parameter...
Open-AudIT Cross-Site Scripting Vulnerability (CNVD-2018-12810)
Open-AudIT is a network discovery and auditing program. The program intelligently scans networks and network devices and provides status reports. A cross-site scripting vulnerability exists in the Attributes feature in versions of Open-AudIT Community Edition prior to 2.2.2. A remote attacker can...
GitLab Community Edition and Enterprise Edition HTML Injection Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. An HTML injection...
CVE-2018-0612
Cross-site scripting vulnerability in 5000 trillion yen converter v1.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-0527
Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Centreon cross-site scripting vulnerability (CNVD-2018-17879)
Centreon is a free and open source IT and application monitoring software. A cross-site scripting vulnerability exists in Centreon version 3.4.6 and Centreon Web version 2.8.23. A remote attacker can exploit this vulnerability to inject a payload into a username or command description...
Yii2-StateMachine extension for Yii2 cross-site scripting vulnerability
Yii2-StateMachine extension for Yii2 is a demo website system for demonstrating the Yii2 framework. A cross-site scripting vulnerability exists in the Yii2-StateMachine extension for Yii2 version 2.x.x. The vulnerability stems from the program failing to strictly filter the 'role' parameter. A...
CVE-2018-9029
An improper input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to conduct SQL injection attacks...