CloudBees Jenkins CI and LTS Cross-Site Scripting Vulnerability

CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A...

CVE-2016-1305

Cross-site scripting XSS vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module APIC-EM 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511...

CVE-2015-8793

Cross-site scripting XSS vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937...

CVE-2016-1300

Cross-site scripting XSS vulnerability in Cisco Unity Connection UC 10.52.3009 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582...

CVE-2016-0209

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-0209

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-1135

Cross-site scripting XSS vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlie...

Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2016-00279)

Microsoft Exchange Server is a popular enterprise-class mail server developed by Microsoft. A cross-site scripting vulnerability exists in Microsoft Exchange Server that allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-0032

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."...

CVE-2016-0031

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029...

TYPO3 back-end component cross-site scripting vulnerability (CNVD-2016-00179)

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end components of TYPO3 versions 6.2.x before 6.2.16 and 7.x before 7.6.1. A remote attacker can exploit this vulnerabilit...

Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework and Groupmax Collaboration. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official...

PT-2015-7108 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: IPSwitch WhatsUp Gold versions prior to 16.4 Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple fields, including 1 an SNMP OID object, 2 an SNMP trap message, 3 the View Names field, 4 the Grou...

CVE-2015-7927

Cross-site scripting XSS vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4998

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different...

Multiple Cross-site Scripting Vulnerabilities in EUR

Overview Multiple cross-site scripting vulnerabilities were found in EUR. Impact Remote users can exploit these vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

UBUNTU-CVE-2015-6790

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as...

The vulnerability relates to the EMC Documentum Administrator, a tool for managing electronic document systems; the EMC Documentum Digital Asset Management, a tool for managing multimedia materials within electronic document systems; the EMC Documentum TaskSpace, a tool for accessing the repository of electronic document systems; and the EMC Documentum Web Publisher, a system for managing web projects. The vulnerability also affects the web interface that provides access to the EMC Documentum Webtop repository. This vulnerability allows an attacker to inject arbitrary web scripts or HTML code.

The vulnerability of the EMC Documentum Administrator, a tool for managing electronic document systems, and the EMC Documentum Digital Asset Management tool for managing multimedia materials within electronic document systems, as well as the tools for accessing the EMC Documentum TaskSpace...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Cisco Emergency Responder 10.51a allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547...

jsoup: XSS vulnerability related to incomplete tags at EOF

It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser...