Mitel MiVoice Connect Cross-Site Scripting Vulnerability (CNVD-2018-08583)

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the conference notificatio...

Mitel MiVoice Connect Cross-Site Scripting Vulnerability

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the conference notificatio...

chromium-browser: Incorrect handling of plaintext files via file://

Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML page...

Cisco ASA WebVPN Cross-Site Scripting Vulnerability

The Cisco Adaptive Security Appliance ASA, Adaptive Security Appliance is a set of firewall appliances from the American company Cisco Cisco. The appliance also includes IPS Intrusion Prevention System, SSL VPN, IPSec VPN, anti-spam, etc. WebVPN is one of the Web-based VPN applications. A...

Cacti cross-site scripting vulnerability (CNVD-2018-08667)

Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. Cacti suffers from a cross-site scripting vulnerability. The vulnerability arises because the getcurrentpage function in lib/functions.php relies on...

SAP Solution Manager Incident Management Work Center Cross-Site Scripting Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

Google Chrome interstitials command execution vulnerability

Google Chrome is a web browser developed by Google Inc. interstitials is one of the pop-up ads plug-ins. A security vulnerability exists in interstitials in Google Chrome, which stems from the program failing to properly validate user-submitted input. The vulnerability can be exploited by a remot...

CVE-2018-1000154

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page CWE-80 vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser...

Cacti cross-site scripting vulnerability (CNVD-2018-08317)

Cacti is based on PHP, MySQL, SNMP and RRDTool developed a set of graphical analysis of network traffic monitoring tools . Cacti suffers from a cross-site scripting vulnerability, which is caused by failing to properly filter HTML code from user-supplied input before displaying it, and can be...

CA API Developer Portal Cross-Site Scripting Vulnerability (CNVD-2018-06884)

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the widgetID variable in CA API Developer Portal, which stems from the program failing to properly filter user-submitted HTML code....

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal, which stems from the program failing to properly filter user-submitted HTM...

Safari vulnerable to script injection

Overview Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is...

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal versions 3.5 through 3.5 CR6, which stems from the program failing to...

SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability

SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance management platform from SAP. The platform provides reporting, performance management and data base functions. A cross-site scripting vulnerability exists in SAP Business...

canhovinhomes-saigon.com XSS vulnerability

Open Bug Bounty ID: OBB-587404 Description| Value ---|--- Affected Website:| canhovinhomes-saigon.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

McAfee ePolicy Orchestrator Directory Traversal and Cross-Site Scripting Vulnerability

McAfee ePolicy Orchestrator ePO is an industry-leading systems security management solution that helps organizations effectively defend against a wide range of malicious threats and attacks. Directory traversal and cross-site scripting vulnerabilities exist in McAfee ePolicy Orchestrator versions...

SAP NetWeaver RunTime Cross-Site Scripting Vulnerability

SAP NetWeaver RunTime is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver RunTime, which arises from the program's...

Eramba Cross-Site Scripting Vulnerability (CNVD-2018-06086)

Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. A cross-site scripting vulnerability exists in the error page of the CSV file inclusion tab of /importTool/preview URI in Eramba e...

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on t...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2018-06462)

Cisco Identity Services Engine ISE is an identity-based environment awareness platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...