LimeSurvey cross-site scripting vulnerability (CNVD-2018-12261)

LimeSurvey formerly known as PHPSurveyor is a set of open source online survey program developed by the LimeSurvey team, which supports survey program development, questionnaire distribution and data collection. A cross-site scripting vulnerability exists in Boxes in LimeSurvey version...

WordPress Loginizer Plugin Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.WordPress Loginizer plugin is one of the access control plugin. A cross-site scripting vulnerability exists in the...

XYHCMS Cross-Site Scripting Vulnerability

XYHCMS is an open source content management system CMS. A cross-site scripting vulnerability exists in XYHCMS version 3.5. A remote attacker can exploit this vulnerability by sending the 'test' parameter to the index.php file to execute JavaScript code...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2018-07655)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM B...

Kontena server/app/views/static/code.html page cross-site scripting vulnerability

Kontena is a suite of open source microservices platforms capable of running applications as containers. The 'kontena master login --remote' code on the server/app/views/static/code.html page in Kontena versions prior to 1.5.0 indicates a cross-site scripting vulnerability. A remote attacker coul...

Invoice Plane Cross-Site Scripting Vulnerability (CNVD-2018-04555)

InvoicePlane is an open source financial system. The system has features to manage quotes, invoices and payments. A cross-site scripting vulnerability exists in the client email field in InvoicePlane 1.5.4 and prior versions. A remote attacker can exploit this vulnerability to execute JavaScript...

Dolibarr cross-site scripting vulnerability (CNVD-2018-04561)

Dolibarr is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. Product details is one of the product details module. A cross-site scriptin...

UBUNTU-CVE-2017-15387

Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a crafted HTML page...

ServersCheck Monitoring Software Cross-Site Scripting Vulnerability

ServersCheck Monitoring Software is a suite of browser-based network inspection tools from ServersCheck Belgium. The tool monitors, reports, and provides early warning of problems with system performance and reliability. A cross-site scripting vulnerability exists in ServersCheck Monitoring...

CVE-2017-17792

Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...

BlogoText 'markup_clean_href' function cross-site scripting vulnerability

BlogoText is a lightweight SQLite blogging engine. A cross-site scripting vulnerability exists in the 'markupcleanhref' function in the inc/conv.php file in BlogoText 3.7.6 and earlier versions. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code with the help of ...

IBM DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-38359)

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37832)

IBM Rational DOORS Next Generation DNG and Rational Requirements Composer RRC are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...

Catalyst Mahara 'add to watchlist' cross-site scripting vulnerability

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A cross-site scripting vulnerability exists in the 'add to watchlist' link in Catalyst Mahara versions 1.9 before 1.9.7, 1.10 before 1.10.5, and 15.04...

IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2017-32842)

IBM Rational Team Concert RTC is the U.S. IBM's set of Jazz-based platform and support decentralized teams for real-time collaboration related to software lifecycle management solutions. A cross-site scripting vulnerability exists in IBM RTC versions 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0...

IBM Content Navigator & CMIS Cross-Site Scripting Vulnerability

IBM Content Navigator & CMIS is a Web client from IBM USA that supports searching and processing documents stored in content servers around the world from a Web browser. A cross-site scripting vulnerability exists in IBM Content Navigator & CMIS versions 2.0.3, 3.0.0 and 3.0.1. A remote attacker...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33353)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Sametime Cross-Site Scripting Vulnerability (CNVD-2017-27544)

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A cross-site scripting vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. A remo...

IBM Sametime Meetings Server Arbitrary Code Execution Vulnerability (CNVD-2017-26377)

IBM Sametime is a set of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data, and video.Sametime Meeting Server is one of the Web conferencing components used in Sametime chat and...

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...