Drupal Better Exposed Filters Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Better Exposed Filters module. An attacker can exploit this issue to execute arbitrary script code in an...

Cross-Site Scripting Vulnerability in Multiple TIBCO Products

TIBCO Spotfire Automation Services are products of TIBCO Software, Inc. Spotfire Automation Services is a suite of tools for running automated analyses; Spotfire Professional is a comprehensive analytics platform for all aspects of business analysts and users. Spotfire Professional is a...

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls...

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

Cross site scripting

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

CVE-2016-2924

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

CVE-2016-0265

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...

CVE-2016-0265

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to wait for a certain amount of time for an OnJsPrompt handler return value as an alternative to correct...

BINOM3 Electric Power Quality Meter (Update A)

CVSS v3 10 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BINOM3 Equipment: Electric Power Quality Meter Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery CSRF, sensitive information stored in clear-text, and weak credentials management...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01082)

Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to validate user input. An attacker could use this vulnerability to execute arbitrary...

Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability

The Cisco NetFlow Generation Appliance is a scalable cost-effective solution for traffic visibility in today's high-performance data centers. A cross-site scripting vulnerability exists in the Cisco NetFlow Generation Appliance that stems from a failure to properly validate user input. An attacke...

b2evolution cross-site scripting vulnerability (CNVD-2017-01089)

b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in b2evolution due to a failure of the program to properly validate user input. An attacker could use this vulnerability to execute arbitrary script...

HP Diagnostics Cross-Site Scripting Vulnerability

HP Diagnostics is a suite of end-to-end application management, monitoring, diagnostic analysis and troubleshooting solutions from Hewlett-Packard. A cross-site scripting vulnerability exists in HP Diagnostics. An attacker can exploit this vulnerability to execute arbitrary script code in a user'...

Olive Diary DX vulnerable to cross-site scripting

Overview Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing the page parameter. Impact An artbitrary script may be executed on the user's web browser. Solution Do not use Olive Diary DX Olive Diary DX is no longer being develop...

Atlassian Confluence HTML Injection Vulnerability

Atlassian Confluence is a professional enterprise knowledge management and collaboration software that can also be used to build enterprise WiKi. An HTML injection vulnerability exists in Atlassian Confluence. An attacker can exploit the vulnerability to execute arbitrary script code in the brows...

BitTorrent API Cross-Site Scripting Vulnerability

BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol from the American company BitTorrent. A cross-site scripting vulnerability exists in BitTorrent. An attacker can exploit this vulnerability to execute arbitrary script code in the browser ...

SAP HANA Cockpit Cross-Site Scripting Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. A cross-site scripting vulnerability exists in SAP HANA. As the program fails to properly filter...

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability CWE-79 due to an issue in "Messages" function of Cybozu Garoon Keitai. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

Cisco AsyncOS Software for Email Security Appliances Cross-Site Scripting Vulnerability

Cisco AsyncOS Software for Email Security Appliances ESA is a set of operating systems used in Email Security Appliances ESA from Cisco USA. A cross-site scripting vulnerability exists in Cisco AsyncOS Software for ESA that stems from a failure to adequately filter user-submitted input. An attack...