CVE-2019-18419
A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...
python-werkzeug: Cross-site scripting in render_full function in debug/tbtools.py
Cross-site scripting (XSS) vulnerability in the render_full function in debug/tbtools.py in the debugger in Pallets Werkzeug before 0.11.11, as used in Pallets Flask and other products, allows remote attackers to inject arbitrary web script or HTML via a field that contains an exception message...
bootstrap: XSS in the affix configuration target property
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...
bootstrap: XSS in the tooltip data-viewport attribute
A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting, caused by improper validation of user-supplied input by the tooltip data-viewport attribute. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hosting W...
Microsoft Dynamics 365 Cross-Site Scripting Vulnerability (CNVD-2019-35573)
Microsoft Dynamics 365 is a suite of ERP business solutions for multinational organizations from Microsoft USA. The product includes financial management, production management and business intelligence management. A cross-site scripting vulnerability in Microsoft Dynamics 365 on-premises version...
Cisco IOS and IOS XE Cross-Site Scripting Vulnerability
Cisco IOS and IOS XE are a set of operating systems developed by Cisco for its network devices. A cross-site scripting vulnerability exists in the web framework code in Cisco IOS and Cisco IOS XE, which stems from a program that fails to perform sufficient input validation. A remote attacker coul...
CVE-2019-5404
A remote script injection vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...
CVE-2019-5404
CVE-2019-5404 affects HPE 3PAR StoreServ Management Console and Core Software Media prior to 3.5.0.1. A remote script injection vulnerability could allow an attacker to execute client-side code in the management console. The exact exploitation details, including successful attack scenarios, are n...
PT-2019-9619 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the me link parameter, also known as the "Menu Link" parameter, in the adm/menu list update.php endpoint. This can be exploite...
PT-2019-9616 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the Extra Contents parameter, also known as the cf 110 parameter in the adm/config form update.php file. This enables attacker...
PT-2019-9622 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile content tail parameter, also referred to as the "mobile board tail contents" parameter, in the adm/board form...
PT-2019-9618 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo content head parameter, also known as the "board head contents" parameter, in the adm/board form update.php endpoint...
PT-2019-9617 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile content head parameter, also known as the "mobile board head contents" parameter, in the adm/board form update.p...
PT-2019-9621 · Gnuboard · Gnuboard5
Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile subject parameter, also referred to as the "mobile board title contents" parameter, in the adm/board form...
CVE-2019-5962
Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2019-11825
Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter...
IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2019-20849)
IBM Rational Collaborative Lifecycle Management (CLM) is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in a single IBM SmartCloud Enterprise cloud environment image to provide requirements management,...