CVE-2016-1300

Cross-site scripting XSS vulnerability in Cisco Unity Connection UC 10.52.3009 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582...

CVE-2016-0209

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-0209

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-1135

Cross-site scripting XSS vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlie...

Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2016-00279)

Microsoft Exchange Server is a popular enterprise-class mail server developed by Microsoft. A cross-site scripting vulnerability exists in Microsoft Exchange Server that allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-0032

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."...

CVE-2016-0031

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029...

TYPO3 back-end component cross-site scripting vulnerability (CNVD-2016-00179)

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end components of TYPO3 versions 6.2.x before 6.2.16 and 7.x before 7.6.1. A remote attacker can exploit this vulnerabilit...

PT-2015-7108 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: IPSwitch WhatsUp Gold versions prior to 16.4 Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple fields, including 1 an SNMP OID object, 2 an SNMP trap message, 3 the View Names field, 4 the Grou...

CVE-2015-7927

Cross-site scripting XSS vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4998

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different...

UBUNTU-CVE-2015-6790

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Emergency Responder 10.51a allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547...

Newphoria applican framework cross-site scripting vulnerability

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier for Android and Newphoria...

Newphoria applican framework cross-site scripting vulnerability (CNVD-2015-07764)

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier versions for Android and...

JosephErnest Void Cross-Site Scripting Vulnerability

JosephErnest Void is a content management system CMS. A cross-site scripting vulnerability exists in the index.php script in versions of JosephErnest Void prior to 2015-10-02. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a specially...

CVE-2015-7997

Multiple cross-site scripting XSS vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM SVM devices allow...

Multiple Cross-Site Scripting Vulnerabilities in HP ArcSight Management Center

HP ArcSight Management Center is a security management center from Hewlett-Packard HP in the U.S. HP ArcSight Logger is a log management software tool. Multiple cross-site scripting vulnerabilities exist in HP ArcSight Management Center versions prior to 2.1, and ArcSight Logger versions prior to...

Microsoft .NET Framework Cross-Site Scripting Vulnerability

Microsoft .NET Framework is a popular software development toolkit. A cross-site scripting vulnerability exists in Microsoft .NET Framework versions 4, 4.5, 4.5.1, 4.5.2,4.6, which allows remote attackers to insert arbitrary web scripts or HTML pages via a carefully constructed value...

Microsoft Skype for Business Cross-Site Scripting Vulnerability

Microsoft Skype for Business is an enterprise-class communication tool from Microsoft Corporation that enhances support for intra-enterprise communications as well as content sharing and collaboration. Cross-site scripting vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1...