CVE-2018-1000856

DomainMOD version 4.09.03 and above. Also verified in the latest version 4.11.01 contains a Cross Site Scripting XSS vulnerability in Segment Name field in the segments page that can result in Arbitrary script can be executed on all users browsers who visit the affected page. This attack appear t...

CVE-2018-1000874

PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting XSS vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information. This attack can be exploited by crafting a...

JVN#32155106: Multiple vulnerabilities in i-FILTER

i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 HTTP...

Microsoft Azure App Services on Azure Stack Cross-Site Scripting Vulnerability

Microsoft Azure App Services on Azure Stack is a suite of Platform-as-a-Service PaaS solutions from Microsoft Corporation USA. The product supports the creation of Web, API, and Azure applications for multiple platforms and devices. A cross-site scripting vulnerability exists in Microsoft Azure A...

WordPress Plugin WP Master Slider Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress plugin WP Master Slider version v3.5.1, which can be exploited by an...

WordPress Plugin Event Calendar WD Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Event Calendar WD, which could allow an attacker to execu...

Unauthorized Access Vulnerability in 360 Security Guard's Blocking of Added Users

360 Security Guard is a security antivirus program. An unauthorized access vulnerability exists when 360 Security Guard blocks adding users. An attacker can exploit the vulnerability to execute scripts to bypass 360 Security Guard blocking and add users...

Security update for libgit2 (moderate)

This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...

SUSE-SU-2018:3440-1 Security update for libgit2

This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...

Mitel MiVoice Office 400 web admin component cross-site scripting vulnerability

Mitel MiVoice Office 400 is a small and medium-sized business communications solution from Mitel Canada. The product includes features such as video conferencing, voice calls, etc. web admin is one of the web-based management components. A cross-site scripting vulnerability exists in the web admi...

Mitel ST 14.2 Cross-Site Scripting Vulnerability

Mitel ST is a video conferencing product from Mitel Canada. conferencing is one of the teleconferencing components. A cross-site scripting vulnerability exists in the conferencing component of Mitel ST 14.2 GA29 19.49.9400.0 and prior versions, which stems from the program failing to adequately...

Symantec Web Isolation Cross-Site Scripting Attack Vulnerability

Symantec Web Isolation is a Web security protection software from Symantec USA. The software is mainly used to prevent malware and phishing attacks, etc. A cross-site scripting vulnerability exists in Symantec Web Isolation version 1.11. A remote attacker can exploit this vulnerability to execute...

Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability

Cisco Wireless LAN Controller WLC is a wireless LAN controller product from Cisco USA. The product provides security policy, intrusion detection and other functions in the wireless LAN. A cross-site scripting vulnerability exists in Cisco Wireless LAN Controller Software due to a web-based...

Wordpress plugin Wordfence 503.php page cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress plugin Wordfence 503.php page, which can be exploited by an...

PTC ThingWorx Platform Cross-Site Scripting Vulnerability

The PTC ThingWorx Platform is a suite of platforms for developing and deploying industrial IoT applications and augmented reality AR. A cross-site scripting vulnerability exists in SQUEAL in PTC ThingWorx Platform versions 6.5 through 8.2. A remote attacker could exploit the vulnerability to...

Cross-Site Scripting Vulnerability in Multiple Cisco Products

Cisco Webex Events Center, etc. are video conferencing solutions from Cisco USA. A cross-site scripting vulnerability exists in the web-based management interface of several Cisco products, which can be exploited by remote attackers to execute arbitrary script code in the context of the affected...

CVE-2018-15400

A vulnerability in the web-based management interface of Cisco Cloud Services Platform 2100 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVE-2018-0452

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient...

External Tasks Not Working in WEM

Configured Filters are not processed and scripts added to external tasks are not running...

Multiple Apple products WebKit cross-site scripting vulnerability (CNVD-2018-21002)

Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser shipped with the Mac OS X and iOS operating systems. iTunes for Windows is a media player and application for the Windows platform. WebKit is one of the web browser engine components...