Console: XSS in invoke operation

It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console...

Console: XSS in invoke operation

It was found that the parameters passed to operation invocations on the JMX console were not properly sanitized. Remote attackers could use this flaw to inject arbitrary web script or HTML into the JMX console...

GWT: unknown XSS flaw

Cross-site scripting XSS vulnerability in Google Web Toolkit GWT 2.4 through 2.5 Final, as used in JBoss Operations Network ON 3.1.1 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue exists because of an incomplet...

CVE-2012-4970

CVE-2012-4970 is a cross-site scripting (XSS) vulnerability in the web management interface of Polycom HDX Video End Points. Affected software includes UC APL prior to 2.7.1_J and commercial prior to 3.0.5. Polycom fixed the issue starting with commercial build 3.0.5 and UC APL 2.7.1.1_J; the spe...

ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities

Title: ====== ManageEngine ServiceDesk 8.0 - Multiple Vulnerabilities Date: ===== 2012-11-15 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=689 VL-ID: ===== 689 Common Vulnerability Scoring System: ==================================== 3.5 Introduction: =============...

CVE-2012-5920

CVE-2012-5920 is an XSS vulnerability in Google Web Toolkit (GWT) 2.4–2.5 Final, used in JBoss Operations Network 3.1.1 and potentially other products. It stems from an incomplete fix for CVE-2012-4563 and allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Red Hat/IB...

UBUNTU-CVE-2012-5882

Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208...

DEBIAN-CVE-2011-4928

Cross-site scripting XSS vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2012-5229

Cross-site scripting XSS vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter...

PT-2012-4179 · Red Hat · Cumin +1

Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444 Red Hat Enterprise Messaging, Realtime, and Grid MRG version 2.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error message displays ...

Cross site scripting

Cross-site scripting XSS vulnerability in fup in Frams' Fast File EXchange FEX, aka fex before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2011-5125

Cross-site scripting XSS vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method...

CVE-2011-5115

Cross-site scripting XSS vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php...

CVE-2012-2769

Multiple cross-site scripting XSS vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

UBUNTU-CVE-2012-3790

Cross-site scripting XSS vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action...

PT-2012-3613 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via crafted character sequences with EUC-JP encoding. This could result in information disclosure when a us...

DEBIAN-CVE-2011-2083

Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

cumin: multiple XSS flaws

Multiple cross-site scripting XSS vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 widgets or 2 pages...

cumin: multiple XSS flaws

Multiple cross-site scripting XSS vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 widgets or 2 pages...