Cross site scripting

Cross site scripting XSS vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATHINFO in an acp.php URL, due to use of unsanitized $SERVER'PHPSELF' to generate URLs...

Cross site scripting

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior ...

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-09955)

IBM Rational Quality Manager RQM is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...

Symphony cross-site scripting vulnerability (CNVD-2017-07340)

Symphony is a content management system CMS developed using PHP and MySQL. The system supports search engine optimization, module extensions and more. A cross-site scripting vulnerability exists in the publish/articles/new/ URI in Symphony version 2.6.11. A remote attacker can exploit this...

Cross site scripting

Cross-site scripting vulnerability in WEB SCHEDULE allows remote attackers to inject arbitrary web script or HTML via the month parameter...

MyBB cross-site scripting vulnerability (CNVD-2017-06578)

MyBB is a popular web-based very good free forum software developed with PHP and MySQL. A cross-site scripting vulnerability exists in the Email MyCode component in MyBB versions prior to 1.8.11. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

MediaWiki cross-site scripting vulnerability (CNVD-2017-06565)

MediaWiki is a free and free web-based Wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers, which can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in the CSS user subpage preview...

DEBIAN-CVE-2016-6347

Cross-site scripting XSS vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Philips In.Sight B120/37 Cross-Site Scripting Vulnerability

The Philips In.Sight B120/37 is a video monitoring device for infants from Philips Netherlands. A cross-site scripting vulnerability exists in the Philips In.Sight B120/37. Sight B120/37 can be exploited by a remote attacker to inject arbitrary web script or HTML via the name parameter...

CVE-2016-4892

Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

SLiMS 7 Cendana Cross-Site Scripting Vulnerability

SLiMS 7 Cendana is an open source, free library management system. A cross-site scripting vulnerability exists in the admin/modules component in SLiMS 7 Cendana on 2017-03-23 and earlier. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

Symetrie Cross-Site Scripting Vulnerability

Symetrie is a set of tools that supports in-place editing and building websites without using a sql database. A cross-site scripting vulnerability exists in the symetrie-master/app/commands/page.php file in symetrie version 0.9.6. A remote attacker can exploit this vulnerability to inject arbitra...

Pixie cross-site scripting vulnerability (CNVD-2017-04818)

Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4. As the program fails to properly validate user-submitted input. A remote attacker can exploit th...

CVE-2016-6846

Cross-site scripting XSS vulnerability in Open-Xchange OX AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web before 7.6.2-rev16, 7.8.0 before 7.8.0-rev10, a...

qdPM Cross-Site Scripting Vulnerability

qdPM is a free , open source based on Symfony framework using PHP and MySQL development project management system . A cross-site scripting vulnerability exists in qdPM version 8.3. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of parameters ...

UBUNTU-CVE-2017-5938

Cross-site scripting XSS vulnerability in the navpath function in lib/viewvc.py in ViewVC before 1.0.14 and 1.1.x before 1.1.26 allows remote attackers to inject arbitrary web script or HTML via the navdata name...

PYSEC-2017-62

Cross-site scripting XSS vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

DEBIAN-CVE-2016-10202

Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php...

SAP BusinessObjects Financial Consolidation Cross-Site Scripting Vulnerability

The SAP BusinessObjects portfolio offers a wide range of business intelligence software, information management software, enterprise performance management solutions, and regulatory, risk, and compliance solutions. financial Consolidation is an enterprise performance management product. A...

UBUNTU-CVE-2016-6191

Multiple cross-site scripting XSS vulnerabilities in the View Raw Source page in the Web Calendar in SOGo before 3.1.3 allow remote attackers to inject arbitrary web script or HTML via the 1 Description, 2 Location, 3 URL, or 4 Title field...