4images cross-site scripting vulnerability
4images is a web-based image gallery management system. A cross-site scripting vulnerability exists in 4images 1.7.11 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2015-4971
Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic Supply Management Platform and Emptoris Program Management 10.x before 10.0.1.4iFix3, 10.0.2.x before 10.0.2.7iFix1, 10.0.3.x before 10.0.3.2, and 10.0.4.x before 10.0.4.0iFix1 allows remote authenticated users to inject arbitrary w...
Mango Automation 2.6.0 Cross Site Scripting
Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software application that...
IPython Notebook and Jupyter Notebook Cross-Site Scripting Vulnerabilities
IPython is an enhanced version of Python's native interactive shell developed by the IPython team. Notebook is one of the development environments. Jupyter Notebook is one of the suite of web applications for creating and sharing code and illustrative text documents. A cross-site scripting...
PYSEC-2015-24
Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site reque...
Multiple Cross-Site Scripting Vulnerabilities in Ignite Realtime Openfire
Ignite Realtime Openfire (formerly known as Wildfire) is a cross-platform, open-source real-time collaboration (RTC) server developed in Java by the Ignite Realtime community and based on XMPP (formerly known as Jabber), an instant messaging protocol. It can be used to build high-efficiency instant messaging servers...
DEBIAN-CVE-2015-6584
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unittesting/templates/6776.php...
OpenDocMan Cross-Site Scripting Vulnerability
OpenDocMan is an open source, web-based PHP document management system (DMS) developed by the OpenDocMan project team. The system is mainly used for centralized management of documents and is easy to install, easy to use, and scalable. OpenDocMan versions before 1.3.4 cross-site scripting vulnerabilitie...
CVE-2014-2329
Multiple cross-site scripting (XSS) vulnerabilities in CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a checkmk agent, a (2) crafted request to a monitored host, which is not properly handled by the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent string for a checkmk agent, a (2) crafted request to a monitored host, which is not properly handled by the...
Drupal Smart Trim module cross-site scripting vulnerability (CNVD-2015-05695)
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Smart Trim is one of the text field formatting modules. A cross-site scripting vulnerability exists in the Drupal Smart Trim module in versions 7.x-1.5 prior to 7.x-1.x. A remote attack...
VideoLAN VLC Media Player Cross-Site Scripting Vulnerability
VideoLAN VLC Media Player is a free, open source, cross-platform multimedia player (also a multimedia framework) developed by the French organization VideoLAN. The product supports playback of a variety of media files, CD-ROMs, etc., and a variety of audio and video formats (WMV, MP3, etc.). A...
CVE-2015-3440
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...
DEBIAN-CVE-2015-3226
Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding...
CVE-2015-1906
Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted U...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
Pivotx Cross-Site Scripting Vulnerability
Pivotx is an open source blog content management system (Blog CMS). The system supports built-in comment review, spam protection and template replacement. A cross-site scripting vulnerability exists in the 'form' method in the modules/formclass.php script in versions prior to Pivotx 2.3.11. A remot...
DEBIAN-CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...
Multiple Cross-Site Scripting Vulnerabilities in Synology Photo Station-2945
Synology Photo Station is a solution for sharing pictures, videos and blogs over the Internet from Synology. A cross-site scripting vulnerability exists in Synology Photo Station versions prior to 6.3-2945, which allows remote attackers to inject arbitrary web script or HTML via loginphp or...
rubygem-i18n: cross-site scripting flaw in exception handling
Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n gem before 0.6.6 for Ruby allows remote attackers to inject arbitrary web script or HTML via a crafted I18n::MissingTranslationData.new call...