Traccar Server Cross-Site Scripting Vulnerability

Traccar Server is an open source GPS tracking system. A cross-site scripting vulnerability exists in the protocol/SpotProtocolDecoder.java file in Traccar Server version 4.2, which can be exploited by a remote attacker to inject arbitrary Web script or HTML...

CVE-2018-16199

Cross-site scripting vulnerability in Toshiba Home gateway HEM-GW16A 1.2.9 and earlier, Toshiba Home gateway HEM-GW26A 1.2.9 and earlier allows an remote attacker to inject arbitrary web script or HTML via unspecified vectors...

Multiple Cross-Site Scripting Vulnerabilities in Zenphoto

Zenphoto is a free photo gallery content management system developed by the Zenphoto team. The system manages images and supports multimedia such as audio and video. Zenphoto suffers from multiple cross-site scripting vulnerabilities. A remote attacker can exploit this vulnerability to inject...

SAP CRM WebClient UI Cross-Site Scripting Vulnerability

SAP CRM Customer Relationship Management is a set of German SAP SAP customer relationship management solutions. The program includes sales management, marketing management, customer service system and other modules. SAP CRM WebClient UI is one of the Web client interface. A cross-site scripting...

hsweb cross-site scripting vulnerability

hsweb is a set of projects for rapid construction of enterprise website backend management system, which integrates online code generation, rights management, single sign-on and dynamic multi-data source distributed transaction processing and other functions. A cross-site scripting vulnerability...

UCMS cross-site scripting vulnerability (CNVD-2019-00981)

UCMS is a content management system written in PHP. A cross-site scripting vulnerability exists in UCMS version 1.4.7. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of the 'dir' parameter...

DouCo DouPHP Cross-Site Scripting Vulnerability (CNVD-2019-00999)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/article.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

DouCo DouPHP cross-site scripting vulnerability (CNVD-2019-00997)

DouCo DouPHP is a lightweight open source CMS Content Management System based on PHP and MySQL. A cross-site scripting vulnerability exists in admin/product.php?rec=update in DouCo DouPHP version 1.5 20181221. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

WESEEK GROWI Cross-Site Scripting Vulnerability (CNVD-2019-04901)

WESEEK GROWI is a suite of team collaboration software from WESEEK Japan. A cross-site scripting vulnerability exists in WESEEK GROWI 3.2.3 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary script in a user's web browser...

Allen-Bradley PowerMonitor 1000 Cross-Site Scripting Vulnerability

Rockwell Automation Allen-Bradley PowerMonitor 1000 is a power monitoring device from Rockwell Automation. A cross-site scripting vulnerability exists in the /Security/Security.shtm page in the Rockwell Automation Allen-Bradley PowerMonitor 1000. A remote attacker can exploit this vulnerability t...

CVE-2018-8917

Cross-site scripting XSS vulnerability in info.cgi in Synology DiskStation Manager DSM before 6.1.6-15266 allows remote attackers to inject arbitrary web script or HTML via the host parameter...

Sales & Company Management System Cross-Site Scripting Vulnerability

Sales & Company Management System SCMS is a sales and company management system. The system includes features such as customer management, product management and tax management. A cross-site scripting vulnerability exists in the memberemail.php file in SCMS 2018-06-06 and prior versions, which ca...

TIBCO Statistica Server TIBCO Statistica Component Cross-Site Scripting Vulnerability

TIBCO Statistica Server is a suite of job servers from TIBCO Software that provides a governance framework for shared workspaces and reusable templates.Statistica is one of the components... A cross-site scripting vulnerability exists in the web application of the TIBCO Statistica component in...

Centreon Cross-Site Scripting Vulnerability (CNVD-2019-00828)

Centreon formerly known as Merethis Centreon is an open source IT monitoring software suite from Centreon France that needs to be paired with Nagios to manage Nagios via the web and third-party components to enable monitoring of networks, operating systems and applications. A cross-site scripting...

Jupyter Notebook Cross-Site Scripting Vulnerability (CNVD-2019-09601)

Jupyter Notebook is an open source web application that creates and shares documents containing live code, equations, visualizations, and narrative text. A cross-site scripting vulnerability exists in Jupyter Notebook versions prior to 5.7.2, which stems from a failure to securely handle URLs in...

Microsoft Azure App Services on Azure Stack Cross-Site Scripting Vulnerability

Microsoft Azure App Services on Azure Stack is a suite of Platform-as-a-Service PaaS solutions from Microsoft Corporation USA. The product supports the creation of Web, API, and Azure applications for multiple platforms and devices. A cross-site scripting vulnerability exists in Microsoft Azure A...

CVE-2018-0699

Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

DomainMOD cross-site scripting vulnerability (CNVD-2019-07973)

DomainMOD is an open source application for managing your domain names and other Internet assets in a centralized location. A cross-site scripting vulnerability exists in DomainMOD versions 4.11.01 and earlier, which can be exploited by remote attackers to inject arbitrary web script or HTML via...

DomainMOD cross-site scripting vulnerability (CNVD-2019-07972)

DomainMOD is an open source application for managing your domain names and other Internet assets in a centralized location. A cross-site scripting vulnerability exists in DomainMOD versions 4.11.01 and earlier, which can be exploited by remote attackers to inject arbitrary web script or HTML via...

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability (CNVD-2019-01895)

Cisco Prime Service Catalog PSC is a service catalog solution from Cisco USA that provides all IT services through a single portal. The solution supports automated ordering of a unified service catalog for computing, networking, storage, and other data center resources. A cross-site scripting...