ikiwiki cross-site scripting vulnerability (CNVD-2016-03223)

Ikiwiki is a wiki compiler that supports the conversion of wiki pages into HTML pages for web publishing. A cross-site scripting vulnerability exists in the 'cgierror' function in Ikiwiki's CGI.pm file, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML...

CVE-2016-2350

Multiple cross-site scripting XSS vulnerabilities on the Accellion File Transfer Appliance FTA before FTA91240 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 getimageajax.php, 2 movepartitionframe.html, or 3 wmInfo.html...

CVE-2016-0901

Cross-site scripting XSS vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900...

Secure Item Hub Persistent Input Validation Vulnerability

Secure Item Hub app is able to transfer files between iphone or ipad and computer on the same wifi network. A persistent input validation vulnerability exists in Secure Item Hub, which could allow a remote attacker to inject malicious persistent script code on the application side of the mobile a...

CVE-2016-3126

Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-1918

Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917...

CVE-2016-1652

Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...

SilverStripe CMS & Framework Cross-Site Scripting Vulnerability

SilverStripe CMS & Framework is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. A cross-site scripting vulnerability exists in SilverStripe CMS & Framework versions prior to 3.1.16 and 3.2.x prior to 3.2.1, which can be exploited by...

CVE-2016-4016

Cross-site scripting XSS vulnerability in SAP Manufacturing Integration and Intelligence aka MII, formerly xMII 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xappsxmiiuiadminnavigation/NavigationApplication, aka SAP Securi...

IBM Financial Transaction Manager for Corporate Payment Services Cross-Site Scripting Vulnerability

IBM Financial Transaction Managerfor Corporate Payment Services is a financial transaction manager product that focuses on monitoring, tracking, and reporting financial payments and transactions. A cross-site scripting vulnerability in IBM FTM for Corporate Payment Services on multiple platforms...

Microsoft Edge Elevation of Privilege Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from an elevation of privilege vulnerability in its implementation due to the program failing to properly validate JavaScript.A remote attacker could exploit this vulnerability to run scripts with elevated...

UBUNTU-CVE-2015-8807

Cross-site scripting XSS vulnerability in the renderVarInputnumber function in horde/framework/Core/lib/Horde/Core/Ui/VarRenderer/Html.php in Horde Groupware before 5.2.12 and Horde Groupware Webmail Edition before 5.2.12 allows remote attackers to inject arbitrary web script or HTML via vectors...

LOCKON EC-CUBE Social-button Premium Plugin Cross-Site Scripting Vulnerability

LOCKON EC-CUBE is an open source e-commerce website building platform developed by Japan LOCKON Co. A cross-site scripting vulnerability exists in version 1.0 of the Social-button Premium plugin for LOCKON EC-CUBE 2.13.x. The vulnerability can be exploited to inject arbitrary Web script or HTML. ...

CVE-2016-1375

Cross-site scripting XSS vulnerability in Cisco IP Interoperability and Collaboration System 4.101 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy12339...

UBUNTU-CVE-2016-2511

Cross-site scripting XSS vulnerability in WebSVN 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the path parameter to log.php...

Menubook plugin cross-site scripting vulnerability

Menubook plugin for baserCMS is a menu list plugin for baserCMS. A cross-site scripting vulnerability in Menubook plugin for baserCMS before 0.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Huawei Agile Controller-Campus Cross-Site Scripting Vulnerability

Huawei Agile Controller-Campus is a multi-service converged, open and compatible controller product from Huawei, China. A cross-site scripting vulnerability exists in the portal authentication page of Huawei Agile Controller-Campus version V100R001C00SPC315, which can be exploited by a remote...

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

CVE-2016-1355

Cross-site scripting XSS vulnerability in the Device Management UI in the management interface in Cisco FireSIGHT System Software 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy41687...

CVE-2016-1354

Cross-site scripting XSS vulnerability in Cisco Unified Communications Domain Manager UCDM 8.x before 8.1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCud41176...