EUVD-2016-8136

Cross-site scripting XSS vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206...

UBUNTU-CVE-2016-5191

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages, as demonstrated by an interpretation confli...

McAfee VirusScan Enterprise Cross-Site Scripting Vulnerability

McAfee VirusScan Enterprise is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. A cross-site scripting vulnerability exists in VirusScan Enterprise f...

chromium-browser: universal xss in blink

Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

chromium-browser: universal xss in blink

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-12102)

Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A cross-site scripting vulnerability exists in Blink in versions of Google Chrome prior to 55.0.2883.75. A remote attacker can...

UBUNTU-CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

Piwigo 'search_rules.php' Cross-Site Scripting Vulnerability

Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site scripting vulnerability exists in the 'search results front end' feature in Piwigo version 2.8.3. A remote...

CVE-2016-2934

Cross-site scripting XSS vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-7251

Cross-site scripting XSS vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."...

Moodle CMS Cross-Site Scripting Vulnerability

Moodle is an open source course management system CMS, also known as a learning management system LMS. A cross-site scripting vulnerability exists in Moodle CMS 3.1.2 and prior versions. Due to the program failing to adequately filter user-submitted input. Allows remote attackers to inject...

CVE-2016-0246

Cross-site scripting XSS vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

UBUNTU-CVE-2016-5181

Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages...

Contenido v4.9.11 - (Backend) Multiple XSS Vulnerabilities

Document Title: =============== Contenido v4.9.11 - Backend Multiple XSS Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1928 Release Date: ============= 2016-10-09 Vulnerability Laboratory ID VL-ID: ====================================...

CVE-2016-6436

Cross-site scripting XSS vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682...

CVE-2016-6425

Cross-site scripting XSS vulnerability in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652...

CVE-2016-5061

Multiple cross-site scripting XSS vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPAgent, 2 MacAgent, 3 getExternalURL, or 4 retrieveTrustedUrl page...

Apple iOS and Safari Safari Reader Cross Site Scripting Vulnerability

Apple iOS and Safari are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Apple Safari is a web browser that is the default browser shipped with Mac OS X and iOS operating systems; Safari Reader is one of the browser's own Reader component. A cross-site...

chromium-browser: universal xss using devtools

Cross-site scripting XSS vulnerability in WebKit/Source/platform/v8inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools aka...

CVE-2016-5165

Cross-site scripting XSS vulnerability in the Developer Tools aka DevTools subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a...