Pagoda Linux panel cross-site scripting vulnerability

Pagoda Linux panel is a Linux hosting panel from China Pagoda Pagoda Network Technology Company. A cross-site scripting vulnerability exists in Pagoda Linux panel version 6.0. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or HTML via a CAPTCHA associated...

D-link DSL-2640T Cross-Site Scripting Vulnerability

The D-link DSL-2640T is a wireless router from AUO D-Link. A cross-site scripting vulnerability exists in the cgi-bin/webcm page in the D-link DSL-2640T. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the 'var:RelaodHref' or 'var:conid' parameter...

Mitel ST 14.2 Cross-Site Scripting Vulnerability

Mitel ST is a video conferencing product from Mitel Canada. conferencing is one of the teleconferencing components. A cross-site scripting vulnerability exists in the conferencing component of Mitel ST 14.2 GA29 19.49.9400.0 and prior versions, which stems from the program failing to adequately...

Mitel MiVoice Office 400 web admin component cross-site scripting vulnerability

Mitel MiVoice Office 400 is a small and medium-sized business communications solution from Mitel Canada. The product includes features such as video conferencing, voice calls, etc. web admin is one of the web-based management components. A cross-site scripting vulnerability exists in the web admi...

F5 BIG-IP AFM Cross-Site Scripting Vulnerability (CNVD-2019-01910)

F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDos attacks. A cross-site scripting vulnerability exists in the TMUI page in F5 BIG-IP AFM versions 13.0.0 through 13.1.1.1 and 12.1.0 through 12.1.3.6, which can be exploited by a remote attacker to inject arbitrar...

Aryanic HighPortal Cross-Site Scripting Vulnerability

Aryanic HighPortal is an enterprise portal system based on Java and ASP.NET. A cross-site scripting vulnerability exists in Aryanic HighPortal version 12.5. A remote attacker can exploit this vulnerability by adding tags to inject arbitrary web script or HTML...

Symantec Web Isolation Cross-Site Scripting Attack Vulnerability

Symantec Web Isolation is a Web security protection software from Symantec USA. The software is mainly used to prevent malware and phishing attacks, etc. A cross-site scripting vulnerability exists in Symantec Web Isolation version 1.11. A remote attacker can exploit this vulnerability to execute...

BigTree CMS cross-site scripting vulnerability (CNVD-2018-21319)

Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in /admin/ajax/file-browser/upload/ in Fastspot BigTree version 4.2.23. A remote attacker can exploit this vulnerability to inject...

PTC ThingWorx Platform Cross-Site Scripting Vulnerability

The PTC ThingWorx Platform is a suite of platforms for developing and deploying industrial IoT applications and augmented reality AR. A cross-site scripting vulnerability exists in SQUEAL in PTC ThingWorx Platform versions 6.5 through 8.2. A remote attacker could exploit the vulnerability to...

Agentejo Cockpit Cross-Site Scripting Vulnerability

Agentejo Cockpit is a management system for managing structured content on websites. A cross-site scripting vulnerability exists in Agentejo Cockpit version 0.6.2. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

LUYA CMS Cross-Site Scripting Vulnerability

LUYA CMS is a scalable content management system CMS. A cross-site scripting vulnerability exists in LUYA CMS version 1.0.12. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML via /admin/api-cms-nav/create-page...

nc-cms cross-site scripting vulnerability

nc-cms is a PHP-based embeddable lightweight CMS content management system. A cross-site scripting vulnerability exists in the index.php?action=edithtml&name=homecontent URI in nc-cms 2017-03-10 and earlier versions, which can be exploited by remote attackers to inject malicious JavaScript code...

CVE-2018-18291

A cross site scripting XSS vulnerability on ASUS RT-AC58U 3.0.0.4.3806516 devices allows remote attackers to inject arbitrary web script or HTML via AdvancedASUSDDNSContent.asp, AdvancedWSecurityContent.asp, AdvancedWirelessContent.asp, Logout.asp, MainLogin.asp, MobileQISLogin.asp, QISwizard.htm...

CVE-2018-18062

An issue was discovered in dialog.php in tecrail Responsive FileManager 9.8.1. A reflected XSS vulnerability allows remote attackers to inject arbitrary web script or HTML...

Cross-Site Scripting Vulnerability in Multiple Cisco Products

Cisco Webex Events Center, etc. are video conferencing solutions from Cisco USA. A cross-site scripting vulnerability exists in the web-based management interface of several Cisco products, which can be exploited by remote attackers to execute arbitrary script code in the context of the affected...

Multiple Apple products WebKit cross-site scripting vulnerability (CNVD-2018-21002)

Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...

CVE-2018-17322

Cross-site scripting XSS vulnerability in index.php/index/category/index in YUNUCMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the area parameter...

Micro Focus ArcSight Management Center Cross-Site Scripting Vulnerability

Micro Focus ArcSight Management Center ArcMC is a security management center from Micro Focus UK that centrally manages ArcSight e.g. HP ArcSight Logger, etc. deployments through a unified interface. A cross-site scripting vulnerability exists in Micro Focus ArcMC versions prior to 2.81, which ca...

GHSA-77PC-Q5Q7-QG9H Moderate severity vulnerability that affects rails-html-sanitizer

Withdrawn, accidental duplicate publish. Cross-site scripting XSS vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via a crafted CDATA node...

SAP NetWeaver WebDynpro Java Cross-Site Scripting Vulnerability

SAP Enterprise Financial Services is a set of enterprise financial services solutions from SAP. A cross-site scripting vulnerability exists in SAP NetWeaver, which arises from a failure to properly sanitize user-supplied input and can be exploited by a remote attacker to execute arbitrary script...