IBM WebSphere MQ XR WebSockets Listener Cross-Site Scripting Vulnerability

IBM WebSphere MQ is a messaging middleware product that provides a reliable and proven messaging backbone for Service Oriented Architecture SOA. A cross-site scripting vulnerability in IBM WebSphere MQ XR WebSockets Listener allows remote attackers to exploit the vulnerability to inject malicious...

Drupal Cloudwords for Multilingual Drupal module cross-site scripting vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. cloudwords for Multilingual Drupal is one of the modules that provides multiple language translations. A cross-site scripting vulnerability exists in the Drupal Cloudwords for...

Cisco Unified MeetingPlace Cross-Site Scripting Vulnerability (CNVD-2015-02651)

Cisco Unified MeetingPlace is the United States Cisco Cisco company's set of multimedia conferencing solutions. The solution provides a user environment that integrates voice, video and Web conferencing. A cross-site scripting vulnerability exists in the Web management interface of Cisco Unified...

Adobe ColdFusion suffers from an unspecified cross-site scripting vulnerability (CNVD-2015-02633)

Adobe ColdFusion is a dynamic Web server , its CFML is a programming language , similar to the current JSP in the JSTL. Adobe ColdFusion has an unspecified cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which c...

MediaWiki cross-site scripting vulnerability (CNVD-2015-02416)

MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in the Html class of MediaWiki. When the program uses a language variant, a remote attacker can exploit the vulnerability by replacing strings with LanguageConverter to inject arbitrary web script or HTML...

Kemp Virtual LoadMaster /progs/geoctrl/doadd fqdn stored cross-site scripting vulnerability

Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster /progs/geoctrl/doadd handles the fqdn parameter cross-site scripting vulnerability, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...

DEBIAN-CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

DEBIAN-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

DEBIAN-CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...

DEBIAN-CVE-2015-2932

Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...

DEBIAN-CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

UBUNTU-CVE-2015-2931

Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...

UBUNTU-CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

Multiple Cross-Site Scripting Vulnerabilities in IBM Business Process Manager

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in Proce...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-01946)

IBM Business Process Manager BPM is a comprehensive set of business process management platforms from IBM in the U.S. It provides a range of tools related to business process modeling, assembly, monitoring, and deployment.WebSphere Lombardi Edition WLE is the predecessor of the BPM product. A...

IBM Rational DOORS Next Generation and Rational Requirements Composer Cross-Site Scripting Vulnerability

IBM Rational DOORS Next Generation and Rational Requirements Composer are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IBM Ration...

EMC RSA Certificate Manager and RSA Registration Manager Cross-Site Scripting Vulnerability (CNVD-2015-01665)

EMC RSA Certificate Manager RCM and RSA Registration Manager RRM are both products of EMC Corporation, RCM is a digital certificate management system that provides automated implementation of encryption key and digital certificate management, and RRM is a certificate registration management syste...

OpenKM Cross-Site Scripting Vulnerability

OpenKM is a document management system from OpenKM Spain. The system provides features such as version control, document history and file sharing. A cross-site scripting vulnerability exists in OpenKM version 6.4.18 build 23338, which stems from a frontend/index.jsp script that fails to adequatel...

jquery-ui: XSS vulnerability in jQuery.ui.dialog title option

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...