Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2017-06734)

Exponent CMS is a free, open source, modular PHP-based content management system CMS. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. A cross-site scripting vulnerability exists in the...

DEBIAN-CVE-2016-6333

Cross-site scripting XSS vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css...

CVE-2016-4888

Cross-site scripting XSS vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-2104

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the label parameter to admin/BunchDetail.do; 2 the packagename, 3 searchsubscribedchannels, or 4 channelfilter parameter to software/packages/NameOverview.d...

UBUNTU-CVE-2015-8864

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068...

CVE-2016-1179

Cross-site scripting XSS vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...

Pixie Cross-Site Scripting Vulnerability

Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4, which stems from the program not properly validating user-submitted input. A remote attacker can...

Pixie cross-site scripting vulnerability (CNVD-2017-04817)

Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4. As the program fails to properly validate user-submitted input. A remote attacker can exploit th...

Nextcloud Server and ownCloud Server Cross-Site Scripting Vulnerabilities

ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A cross-site...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04905)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. Revive Adserver has a cross-site scripting vulnerability. A remote attacker can exploit this vulnerability to...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-04705)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...

IBM Call Center for Commerce Cross-Site Scripting Vulnerability

IBM Call Center for Commerce is a Web-based call center solution. The solution supports providing CSRs Customer Service Representatives with a single point of access to business information as well as comprehensive multi-channel interactions with customers. A cross-site scripting vulnerability...

CVE-2017-0110

Cross-site scripting XSS vulnerability in Microsoft Exchange Outlook Web Access OWA allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."...

DEBIAN-CVE-2016-10203

Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor...

Air Transfer Cross-Site Scripting Vulnerability

Air Transfer Pro is an application for transferring files from your computer to your cell phone over a wireless network. Air Transfer suffers from a cross-site scripting vulnerability that allows remote attackers to exploit exploits to inject script code into client application requests with...

CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML pag...

WordPress class-wp-posts-list-table.php cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in WordPress wp-admin/includes/class-wp-posts-list-table.php, which allows remote attackers...

UBUNTU-CVE-2016-7147

Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

CVE-2016-9409

Cross-site scripting XSS vulnerability in the Admin control panel in MyBB aka MyBulletinBoard before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs...

UBUNTU-CVE-2017-5007

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...