Cross site scripting

Cross-site scripting XSS vulnerability in Lenovo SHAREit before 3.5.98ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS UXSS."...

DEBIAN-CVE-2016-4567

Cross-site scripting XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."...

ChitaSoft SQL Injection Vulnerability

ChitaSoft suffers from a remote SQL injection vulnerability that allows remote attackers to execute malicious sql commands on the web application side or connect to dbms...

CVE-2016-3721

Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables...

CVE-2016-4561

Cross-site scripting XSS vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...

DEBIAN-CVE-2016-4561

Cross-site scripting XSS vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message...

IBM Security Identity Manager Virtual Appliance Cross-Site Scripting Vulnerability

IBM Security Identity Manager ISIM is a suite of identity management and governance solutions from IBM in the United States. The solution automates the creation, modification, re-authentication and termination of user privileges throughout the user lifecycle and supports policy-based password...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the list1680466951oldfilterval parameter to systems/PhysicalList.do or 2 unspecified vectors involving systems/VirtualSystemsList.do...

TeamPass Cross-Site Scripting Vulnerability (CNVD-2017-06209)

TeamPass is a dedicated password manager for Apache, MySQL and PHP. A cross-site scripting vulnerability exists in TeamPass 2.1.24 and earlier versions. A remote attacker can inject arbitrary web script or HTML with 1 label value of an item or 2 name of a role...

Apache Wicket Cross-Site Scripting Vulnerability (CNVD-2016-02216)

Apache Wicket is the United States Apache Apache Software Foundation of a set of open source , lightweight , component-based framework. Apache Wicket's RadioGroup and CheckBoxMultipleChoice classes in the cross-site scripting vulnerability , remote attackers can use the input element with the hel...

CVE-2016-2058

Multiple cross-site scripting XSS vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow 1 remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or 2 remote authenticated users to inject arbitra...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow 1 remote Xymon clients to inject arbitrary web script or HTML via a status-message, which is not properly handled in the "detailed status" page, or 2 remote authenticated users to inject arbitra...

CVE-2016-1377

Cross-site scripting XSS vulnerability in Cisco Unity Connection through 11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCus21776...

CVE-2016-4003

Cross-site scripting XSS vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a 1 link, 2 page, or 3 folder resource...

Casebook plugin cross-site scripting vulnerability

Casebook plugin for baserCMS is a casebook plugin for baserCMS. A cross-site scripting vulnerability exists in Casebook plugin for baserCMS versions prior to 0.9.4, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-1173

Cross-site scripting XSS vulnerability in the Menubook plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-1169

Cross-site scripting XSS vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Vulnerabilities in the software for Cisco WebEx Meetings Server, which allow attackers to inject arbitrary Web or HTML code

Multiple vulnerabilities in the software for Cisco WebEx Meetings Server exist due to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to inject arbitrary Web or HTML code remotely...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2016-01477)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in the...