DEBIAN-CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

DEBIAN-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

DEBIAN-CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

DEBIAN-CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

DEBIAN-CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

UBUNTU-CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

UBUNTU-CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

Multiple Cross-Site Scripting Vulnerabilities in IBM Business Process Manager

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in Proce...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-01946)

IBM Business Process Manager BPM is a comprehensive set of business process management platforms from IBM in the U.S. It provides a range of tools related to business process modeling, assembly, monitoring, and deployment.WebSphere Lombardi Edition WLE is the predecessor of the BPM product. A...

IBM Rational DOORS Next Generation and Rational Requirements Composer Cross-Site Scripting Vulnerability

IBM Rational DOORS Next Generation and Rational Requirements Composer are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IBM Ration...

EMC RSA Certificate Manager and RSA Registration Manager Cross-Site Scripting Vulnerability (CNVD-2015-01665)

EMC RSA Certificate Manager RCM and RSA Registration Manager RRM are both products of EMC Corporation, RCM is a digital certificate management system that provides automated implementation of encryption key and digital certificate management, and RRM is a certificate registration management syste...

OpenKM Cross-Site Scripting Vulnerability

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in OpenKM version 6.4.18 build 23338, which stems from a frontend/index.jsp script that fails to adequatel...

jquery-ui: XSS vulnerability in jQuery.ui.dialog title option

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

Multiple Cross-Site Scripting Vulnerabilities in PNMsoft Sequence Kinetics

PNMsoft Sequence Kinetics is a next-generation business process management suite released by Israel-based PNMsoft that enables rapid establishment of high-availability workflow applications and close human collaboration on change while maintaining lifecycle governance. Multiple cross-site scripti...

CVE-2015-2088

Cross-site scripting XSS vulnerability in unspecified administration pages in the Term Queue module before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

McAfee Data Loss Prevention Endpoint Cross-Site Scripting Vulnerability

McAfee Data Loss Prevention Endpoint is an integrated endpoint data protection solution from McAfee. The solution prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transfer, shared endpoint data flow control and data encryption. A...

IBM Tivoli Endpoint Manager Web Reports Component Cross-Site Scripting Vulnerability

IBM Tivoli Endpoint Manager provides a unified, real-time visualization and implementation approach to deploying and managing patches to all endpoints. A cross-site scripting vulnerability in the Web Reports component of IBM Tivoli Endpoint Manager version 9.1.1229 prior to 9.1 can be exploited b...

Multiple Hitachi Products Online Help System Cross-Site Scripting Vulnerabilities

Hitachi Device Manager is a product of Hitachi, Japan. Hitachi Device Manager is a set of mobile device management software; Tiered Storage Manager is a set of tiered storage management software that can transparently migrate data between heterogeneous storage tiers; Replication Manager is a set ...

Mrs. Shiromuku Perl CGI shiromuku(u1) GUESTBOOK Cross-Site Scripting Vulnerability

Mrs. Shiromuku Perl CGI shiromukuu1 GUESTBOOK is a message board software. A cross-site scripting vulnerability exists in Mrs. Shiromuku Perl CGI shiromukuu1GUESTBOOK version 1.62 and earlier. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...