4545 matches found
CVE-2020-6876
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
CVE-2018-8062
A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...
VulnCheck KEV: CVE-2013-2618
Cross-site scripting XSS vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the maptitle parameter...
CVE-2020-5631
Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
Cisco Vision Dynamic Signage Director Web Management Interface Cross-Site Scripting Vulnerability
Cisco Vision Dynamic Signage Director is an end-to-end dynamic signage and IPTV solution from Cisco USA. A cross-site scripting vulnerability exists in the Web management interface in Cisco Vision Dynamic Signage Director versions prior to 6.2 SP5, which stems from the program failing to properly...
Firco Continuity Cross-Site Scripting Vulnerability
Firco Continuity is a real-time trade screening solution. A stored cross-site scripting vulnerability exists in Firco Continuity 6.2.0.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via the username field on the login page...
UBUNTU-CVE-2020-12648
A cross-site scripting XSS vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode...
RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)
RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...
UBUNTU-CVE-2020-10946
Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...
CVE-2020-11845
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML...
Sales Force Assistant Cross-Site Scripting Vulnerability
NI Consulting Sales Force Assistant is a suite of sales support and information sharing tools from NI Consulting Japan. The product supports features such as customer relationship management, case management, complaint management, and visit program management. A cross-site scripting vulnerability...
PT-2020-2194 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...
PT-2020-2159 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...
Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability
Amazon AWS JavaScript S3 Explorer is a set of S3 browsers. A cross-site scripting vulnerability exists in Amazon AWS JavaScript S3 Explorer explorer.js, which can be exploited by remote attackers to inject malicious script or HTML code, which can be used to gain access to sensitive information or...
CVE-2020-5528
CVE-2020-5528 is a cross-site scripting vulnerability in Movable Type series (including Movable Type 7, 6.5, and related editions) that allows remote attackers to inject arbitrary web script or HTML into the block editor and Rich Text Editor via a specially crafted URL. The vulnerability affects ...
CVE-2013-3565
Multiple cross-site scripting XSS vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 command parameter to requests/vlmcmd.xml, 2 dir parameter to requests/browse.xml, or 3 URI in a request, which ...
UBUNTU-CVE-2013-3565
Multiple cross-site scripting XSS vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 command parameter to requests/vlmcmd.xml, 2 dir parameter to requests/browse.xml, or 3 URI in a request, which ...
UBUNTU-CVE-2013-6451
Cross-site scripting XSS vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...