296 matches found

Positive Technologies
added 2019/10/30 12:0 a.m. · 2 views

PT-2019-9623 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 versions prior to 5.3.2.0
Description: The issue allows remote attackers to inject arbitrary web script or HTML via the gr 110 parameter in the adm/boardgroup form update.php endpoint, specifically through the "board group extra...

CVSS 6.1 · AI score 6.9 · EPSS 0.00664
Exploits: 0 · References: 7
OSV
added 2019/08/09 6:15 p.m. · 1 views

CVE-2019-5403

A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media versions: prior to 3.5.0.1...

CVSS 4.8 · AI score 5.8
Exploits: 0 · References: 1
CNVD
added 2018/07/27 12:0 a.m. · 2 views

GitLab CE and EE Cross-Site Scripting Vulnerability (CNVD-2019-06642)

GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. A cross-site scriptin...

CVSS 5.4 · AI score 5.3 · EPSS 0.00112
Exploits: 1 · References: 1
OSV
added 2018/02/02 2:29 p.m. · 3 views

CVE-2017-18041

The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo before version 6.2.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a release...

CVSS 5.4 · AI score 5.4 · EPSS 0.00144
Exploits: 0 · References: 2
Positive Technologies
added 2018/01/16 12:0 a.m. · 2 views

PT-2018-17099 · Open On Chip Debugger +1 · Openocd +1

Name of the Vulnerable Software and Affected Versions: Open On-Chip Debugger OpenOCD version 0.10.0
Description: The issue allows remote attackers to conduct cross-protocol scripting attacks and execute arbitrary commands via a crafted web site, by not blocking attempts to use HTTP POST for sendi...

CVSS 9.6 · AI score 9.3 · EPSS 0.0189
Exploits: 1 · References: 19
CNVD
added 2018/01/15 12:0 a.m. · 3 views

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-01031)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

CVSS 6.1 · AI score 6.4 · EPSS 0.00405
Exploits: 0 · References: 1
CNVD
added 2017/11/02 12:0 a.m. · 1 views

IBM Infosphere BigInsights Link Injection Vulnerability

IBM InfoSphere BigInsights is a suite of software platforms for storing and analyzing "Big Data" from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A link injection vulnerability exists in IBM Infosphere...

CVSS 5.4 · AI score 5.7 · EPSS 0.0019
Exploits: 0 · References: 1
OSV
added 2017/10/05 3:29 p.m. · 1 views

CVE-2017-14354

A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting...

CVSS 6.1 · AI score 5.3
Exploits: 0 · References: 4
ATTACKERKB
added 2016/11/25 3:59 a.m. · 0 views

CVE-2016-2986

Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 6.x before 6.0.1 iFix6, Rational Quality Manager 6.x before 6.0.1 iFix6, Rational Team Concert 6.x before 6.0.1 iFix6, Rational DOORS Next Generation 6.x before 6.0.1 iFix6, Rational Engineering Lifecycle...

CVSS 5.4 · AI score 5.7 · EPSS 0.00168
Exploits: 0 · References: 3
UbuntuCve
added 2012/04/21 11:55 p.m. · 33 views

CVE-2012-2401

Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows remote attackers to bypass the Same Origin Policy via crafted content...

CVSS 5 · AI score 5.9 · EPSS 0.01046
Exploits: 0 · References: 4
RedHat Linux
added 2011/02/23 9:16 p.m. · 5 views

acroread: multiple XSS flaws (APSB11-03)

Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604...

CVSS 4.3 · AI score 5.9 · EPSS 0.01393
Exploits: 0 · References: 4
RedHat Linux
added 2009/08/06 9:27 p.m. · 0 views

OpenJDK: Intended access restrictions bypass via LiveConnect (6724331)

The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.219 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted...

CVSS 5.8 · AI score 6 · EPSS 0.01664
Exploits: 0 · References: 4
ATTACKERKB
added 2007/12/24 8:46 p.m. · 2 views

CVE-2007-6520

Opera before 9.25 allows remote attackers to conduct cross-domain scripting attacks via unknown vectors related to plug-ins...

CVSS 4.3 · AI score 5.5 · EPSS 0.00881
Exploits: 1 · References: 15
RedHat Linux
added 2007/10/19 3:45 p.m. · 1 views

about:blank windows

Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via a the...

CVSS 4.3 · AI score 7.3 · EPSS 0.2528
Exploits: 3 · References: 4
Positive Technologies
added 2007/03/07 12:0 a.m. · 1 views

PT-2007-2720 · Sava · Sava's Guestbook

Name of the Vulnerable Software and Affected Versions: Sava's Guestbook version 23.11.2006
Description: The issue allows remote attackers to inject arbitrary web script or HTML via the name, country, email, and website parameters in the add2.php file. This can lead to cross-site scripting (XSS)...

CVSS 6.8 · AI score 5.2 · EPSS 0.01631
Exploits: 0 · References: 7
securityvulns
added 2006/07/09 12:0 a.m. · 28 views

[KAPDA::#46] - AjaxPortal Authentication Bypass

KAPDA New advisory. Vendor: http://myiosoft.com. Vulnerable: AjaxPortal v. 3.0. Bug: Sql Injection Authentication Bypass. Exploitation: Remote with browser. Description: AjaxPortal is based on Sajax technology - an open source tool to make programming websites using the Ajax...

AI score 7.6
Exploits: 0