IBM Sametime Meetings Server Arbitrary Code Execution Vulnerability (CNVD-2017-26377)

IBM Sametime is a set of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data, and video.Sametime Meeting Server is one of the Web conferencing components used in Sametime chat and...

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2017-27829)

IBM iNotes also known as IBM Lotus iNotes is the United States IBM's set of Web-based e-mail software. A cross-site scripting vulnerability exists in IBM iNotes versions 8.5 and 9.0. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Rational Software Architect Design Manager Cross-Site Scripting Vulnerability

IBM Rhapsody Design Manager DM is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models, as well as software to automate design reviews. A cross-site...

IBM Emptoris Strategic Supply Management Platform Cross-Site Scripting Vulnerability

IBM Emptoris Strategic Supply Management is a common Web-based portal access to the Emptoris suite of products management platform from IBM. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management versions 10.0.0.x through 10.1.1.x. A remote attacker could use this...

IBM Emptoris Strategic Supply Management Platform Cross-Site Scripting Vulnerability (CNVD-2017-23341)

IBM Emptoris Strategic Supply Management is a common Web-based portal access to the Emptoris suite of products management platform from IBM. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management versions 10.0.0.x through 10.1.1.x. A remote attacker could use this...

IBM Emptoris Sourcing Cross-Site Scripting Vulnerability (CNVD-2017-21231)

IBM Emptoris Sourcing is a source-to-contract solution from IBM USA. The solution helps organizations get affordable prices and greater value from suppliers by examining factors such as cost, risk and performance in sourcing decisions. A cross-site scripting vulnerability exists in IBM Emptoris...

IBM Information Server Framework and InfoSphere Information Server on Cloud Cross-Site Scripting Vulnerability

IBM Information Server Framework and InfoSphere Information Server on Cloud are both products of the U.S. company IBM. The former is a set of data integration platform framework; the latter is a set of cloud-based data integration platform. A cross-site scripting vulnerability exists in IBM...

IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2017-15923)

IBM Rational Team Concert RTC is the U.S. IBM's set of Jazz-based platform and support for decentralized teams for real-time collaboration related to software lifecycle management solutions. A cross-site scripting vulnerability exists in IBM RTC. A remote attacker can exploit this vulnerability t...

IBM Rational Collaborative Lifecycle Management and Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-11424)

IBM Rational Collaborative Lifecycle Management CLM and Rational Quality Manager RQM are both products of the U.S. company IBM. The former is a collaborative lifecycle management solution, the latter is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability...

FortiOS XSS vulnerabilities via User Groups & Config Revision Comments

Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...

IBM Rational DOORS Next Generation Station Scripting Vulnerability (CNVD-2017-08547)

IBM Rational DOORS Next Generation DNS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently and share unified user, server and project...

Hitachi Device Manager and Replication Manager Cross-Site Scripting Vulnerability

Hitachi Device Manager and Replication Manager are both products of Hitachi, Japan.Hitachi Device Manager is software that manages multiple Hitachi storage systems from a single console and provides logical view capabilities to align storage assets with business applications. Replication Manager ...

Cross-site scripting vulnerability in multiple IBM Rational products (CNVD-2016-13286)

IBM Rational Collaborative Lifecycle Management CLM, etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager RELM are collaborative lifecycle management solutions; Rational DOORS Next Generation RDNG is a requirements...

chromium-browser: info leak in extensions

A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page...

UBUNTU-CVE-2016-7148

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...

Yandex Browser for desktop Yandex Browser Translator Cross-Site Scripting Vulnerability

Yandex Browser for desktop is a desktop browser from the Russian company Yandex.Yandex Browser Translator is one of the translation applications. A cross-site scripting vulnerability exists in Yandex Browser Translator in Yandex Browser for desktop versions 15.12 through 16.2. A remote attacker c...

IBM Financial Transaction Manager for ACH Cross-Site Scripting Vulnerability

IBM Financial Transaction Manager FTM for ACH Services is a Financial Transaction Manager product from IBM USA, which is used to monitor, track and report on financial payments and transactions. A cross-site scripting vulnerability exists in Financial Transaction Manager FTM for ACH Services...

The vulnerability of the Firefox browser, which allows a remote attacker to execute arbitrary JavaScript code

The vulnerability of Firefox lies in the improper restriction of resource: URL. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code with privileges of a Chrome browser, thereby circumventing access control policies. This can be achieved, for example, by usi...

The vulnerabilities of PDF editing programs like Adobe Acrobat and Adobe Acrobat Document Cloud, as well as PDF viewing programs like Adobe Reader and Adobe Reader Document Cloud, allow attackers to circumvent JavaScript restrictions.

The vulnerability of the CBSharedReviewSecurityDialog method in PDF editing programs from Adobe Acrobat and Adobe Acrobat Document Cloud, as well as in PDF viewing programs from Adobe Reader and Adobe Reader Document Cloud, is related to deficiencies in access control for certain functions...