CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-17503)

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in CA API Developer Portal version 4.x, versions prior to 4.2.5.3, and versions prior to 4.2.7.1, which originates when the program...

IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability

IBM Rational DOORS Next Generation DNG/RRC is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...

Subrion cross-site scripting vulnerability (CNVD-2018-14782)

Subrion CMS is a PHP-based content management system CMS developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions plug-ins and more. A cross-site scripting vulnerability exists in uploads/.htaccess in Subrion CMS version 4.2.1, which stems...

Cisco Webex Cross-Site Scripting Vulnerability (CNVD-2018-14204)

Cisco WebEx is the United States Cisco Cisco company's set of Web conferencing tools, the tool can assist off-site office workers to coordinate and collaborate.WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging IM. A cross-site scripting...

Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability

Microsoft Active Directory Federation Services ADFS is an Active Directory Federation Service from Microsoft. The service provides Web Single Sign-On SSO technology, which enables authentication of a user to multiple websites or applications during a single session. A cross-site scripting...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2018-12400)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox versions prior to 59, where the program fails to properly validate user-submitted input. The vulnerability can be exploited by a...

CA Privileged Access Manager Cross-Site Scripting Vulnerability

CA Privileged Access Manager is a privileged access manager from CA USA that centralizes privileged user policies across multiple physical and virtual environments and manages and controls access used to IT resources. A cross-site scripting vulnerability exists in version 2.x of CA Privileged...

CVE-2018-9027

A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link...

Security Bulletin: Multiple vulnerabilities in IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities exist in IBM SPSS Collaboration and Deployment Services. See the individual descriptions for details. Vulnerability Details VULNERABILITY DETAILS: CVEID: CVE-2013-4044 DESCRIPTION: An authenticated remote attacker can send a HTTP request to retrieve the content of...

Mozilla Firefox Design Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the Live Bookmark page and PDF reader in versions of Mozilla Firefox prior to 60. A remote attacker can exploit this vulnerability by performing a social...

HPE UCMDB Configuration Manager Software Cross-Site Scripting Vulnerability

HPE UCMDB full name Universal CMDB is the United States Hewlett Packard Enterprise HPE company's set of resource management solutions. The solution provides from the bottom up including IT infrastructure auto-discovery, data modeling, service mapping definition and service impact analysis, etc...

WordPress Imagely NextGEN Gallery Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Imagely NextGen Gallery is one of the gallery management systems. A cross-site scripting vulnerability exists in Image Alt &...

Tenable Nessus Cross-Site Scripting Vulnerability (CNVD-2018-10667)

Tenable Network Security Nessus is a highly scalable open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in Tenable Network Security Nessus versions prior to 7.1.0, which stems from the program failing to properly perform input...

Mitel MiVoice Connect Cross-Site Scripting Vulnerability

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the conference notificatio...

Mitel MiVoice Connect Cross-Site Scripting Vulnerability (CNVD-2018-08583)

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the conference notificatio...

Cacti cross-site scripting vulnerability (CNVD-2018-08667)

Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. Cacti suffers from a cross-site scripting vulnerability. The vulnerability arises because the getcurrentpage function in lib/functions.php relies on...

Google Chrome interstitials command execution vulnerability

Google Chrome is a web browser developed by Google Inc. interstitials is one of the pop-up ads plug-ins. A security vulnerability exists in interstitials in Google Chrome, which stems from the program failing to properly validate user-submitted input. The vulnerability can be exploited by a remot...

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal, which stems from the program failing to properly filter user-submitted HTM...

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal versions 3.5 through 3.5 CR6, which stems from the program failing to...

SAP NetWeaver RunTime Cross-Site Scripting Vulnerability

SAP NetWeaver RunTime is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver RunTime, which arises from the program's...