CVE-2016-0032

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."...

CVE-2016-0031

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029...

TYPO3 back-end component cross-site scripting vulnerability (CNVD-2016-00179)

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end components of TYPO3 versions 6.2.x before 6.2.16 and 7.x before 7.6.1. A remote attacker can exploit this vulnerabilit...

Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework and Groupmax Collaboration. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official...

PT-2015-7108 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: IPSwitch WhatsUp Gold versions prior to 16.4 Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple fields, including 1 an SNMP OID object, 2 an SNMP trap message, 3 the View Names field, 4 the Grou...

CVE-2015-7927

Cross-site scripting XSS vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4998

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different...

Multiple Cross-site Scripting Vulnerabilities in EUR

Overview Multiple cross-site scripting vulnerabilities were found in EUR. Impact Remote users can exploit these vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

UBUNTU-CVE-2015-6790

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Emergency Responder 10.51a allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547...

jsoup: XSS vulnerability related to incomplete tags at EOF

It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser...

Newphoria applican framework cross-site scripting vulnerability

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier for Android and Newphoria...

JosephErnest Void Cross-Site Scripting Vulnerability

JosephErnest Void is a content management system CMS. A cross-site scripting vulnerability exists in the index.php script in versions of JosephErnest Void prior to 2015-10-02. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a specially...

Newphoria applican framework cross-site scripting vulnerability (CNVD-2015-07764)

Newphoria applican framework for Android and iOS is a set of application development framework based on Android and iOS platforms from Newphoria, Japan. A cross-site scripting vulnerability exists in the runtime engine of Newphoria applican framework 1.12.6 and earlier versions for Android and...

CVE-2015-7997

Multiple cross-site scripting XSS vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller ADC and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service Delivery Appliance Service VM SVM devices allow...

Multiple Cross-Site Scripting Vulnerabilities in HP ArcSight Management Center

HP ArcSight Management Center is a security management center from Hewlett-Packard HP in the U.S. HP ArcSight Logger is a log management software tool. Multiple cross-site scripting vulnerabilities exist in HP ArcSight Management Center versions prior to 2.1, and ArcSight Logger versions prior to...

Microsoft .NET Framework Cross-Site Scripting Vulnerability

Microsoft .NET Framework is a popular software development toolkit. A cross-site scripting vulnerability exists in Microsoft .NET Framework versions 4, 4.5, 4.5.1, 4.5.2,4.6, which allows remote attackers to insert arbitrary web scripts or HTML pages via a carefully constructed value...

Microsoft Skype for Business Cross-Site Scripting Vulnerability

Microsoft Skype for Business is an enterprise-class communication tool from Microsoft Corporation that enhances support for intra-enterprise communications as well as content sharing and collaboration. Cross-site scripting vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1...

CVE-2015-5734

Cross-site scripting XSS vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via a crafted string...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2015-07411)

Mozilla Firefox is an open source web browser. A cross-site scripting vulnerability exists in Mozilla Firefox for Android-based platforms that fails to properly restrict URL strings in Android intents, allowing remote attackers to exploit the vulnerability to inject malicious script or HTML code...