3736 matches found
PT-2019-9618 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo content head parameter, also known as the "board head contents" parameter, in the adm/board form update.php endpoint...
PT-2019-9616 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Extra Contents parameter, also known as the cf 110 parameter in the adm/config form update.php file. This enables attacker...
PT-2019-9621 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile subject parameter, also referred to as the "mobile board title contents" parameter, in the adm/board form...
PT-2019-9617 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile content head parameter, also known as the "mobile board head contents" parameter, in the adm/board form update.p...
CVE-2019-5962
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-11825
Cross-site scripting XSS vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2019-20849)
IBM Rational Collaborative Lifecycle Management CLM is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in a single IBM SmartCloud Enterprise cloud environment image to provide requirements management,...
CVE-2019-5928
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function...
PT-2019-9127 · Gnu · Gnuboard5
Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.1.6 Description: The issue is related to a Cross-Site Scripting XSS vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML in the adm/faqmasterformupdate.php file...
MISP Cross-Site Scripting Vulnerability (CNVD-2019-12145)
MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and features threat cybersecurity event analysis and malware analysis hood. A cross-site scripting vulnerability exists in the default distribution template in the...
ArcSight Logger Cross-Site Scripting Vulnerability
Micro Focus ArcSight Logger is a suite of log management software from Micro Focus UK. The software collects and integrates data from any log generation source for log management, searching, indexing, reporting, analysis and retention. A cross-site scripting vulnerability exists in Micro Focus...
Phamm Permission License and Access Control Vulnerabilities
Phamm a.k.a. PHP LDAP Virtual Hosting Manager is a PHP-based web hosting manager that supports multiple roles with access rights to manage virtual services using an LDAP backend. A privilege permission and access control vulnerability exists in Phamm version 0.6.8. A remote attacker can exploit...
YzmCMS Cross-Site Scripting Vulnerability (CNVD-2019-07929)
YzmCMS is an open source CMS Content Management System by Yuan Zhimeng programmers in China. A cross-site scripting vulnerability exists in YzmCMS version 5.2. A remote attacker can use the 'column name' parameter of admin/category/edit.html page to inject arbitrary Web script or HTML with the he...
DiliCMS Cross-Site Scripting Vulnerability (CNVD-2019-07939)
DiliCMS is a content management system CMS based on Codelgniter. A cross-site scripting vulnerability exists in the site URL text box in DiliCMS version 2.4.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
SchoolCMS Cross-Site Scripting Vulnerability (CNVD-2019-35030)
SchoolCMS is an open source school teaching management system based on ThinkPHP framework. The system includes student management , grade management and teacher management . SchoolCMS cross-site scripting vulnerability , remote attackers can use the vulnerability to inject arbitrary Web script or...
Cacti cross-site scripting vulnerability (CNVD-2019-14552)
Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. A cross-site scripting vulnerability exists in the 'Website Hostnam' field of the pollers.php file in versions of Cacti prior to 1.2.0, which stems from the...
Cacti cross-site scripting vulnerability (CNVD-2019-14553)
Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. A cross-site scripting vulnerability exists in the 'Website Hostname' parameter of the host.php file in versions of Cacti prior to 1.2.0, which stems from th...
Cisco Webex Business Suite Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in the MyWebex component of Cisco Webex Business Suite. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via a specially crafted URL...
Traccar Server Cross-Site Scripting Vulnerability
Traccar Server is an open source GPS tracking system. A cross-site scripting vulnerability exists in the protocol/SpotProtocolDecoder.java file in Traccar Server version 4.2, which can be exploited by a remote attacker to inject arbitrary Web script or HTML...
CVE-2018-16199
Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors...