CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal versions 3.5 through 3.5 CR6, which stems from the program failing to...

SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability

SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance management platform from SAP. The platform provides reporting, performance management and data base functions. A cross-site scripting vulnerability exists in SAP Business...

canhovinhomes-saigon.com XSS vulnerability

Open Bug Bounty ID: OBB-587404 Description| Value ---|--- Affected Website:| canhovinhomes-saigon.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

McAfee ePolicy Orchestrator Directory Traversal and Cross-Site Scripting Vulnerability

McAfee ePolicy Orchestrator ePO is an industry-leading systems security management solution that helps organizations effectively defend against a wide range of malicious threats and attacks. Directory traversal and cross-site scripting vulnerabilities exist in McAfee ePolicy Orchestrator versions...

SAP NetWeaver RunTime Cross-Site Scripting Vulnerability

SAP NetWeaver RunTime is the German SAP SAP company's set of service-oriented integrated application platform. The platform provides a development and runtime environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver RunTime, which arises from the program's...

Eramba Cross-Site Scripting Vulnerability (CNVD-2018-06086)

Eramba is an open source, enterprise-level IT governance application from Eramba UK. The program features IT security, compliance auditing and analysis, and more. A cross-site scripting vulnerability exists in the error page of the CSV file inclusion tab of /importTool/preview URI in Eramba e...

QQQ SYSTEMS vulnerable to cross-site scripting

Overview QQQ SYSTEMS provided by Gundam Cult QQQ is a CGI script to create quiz pages. quiz.cgi of QQQ SYSTEMS contains a cross-site scripting vulnerability CWE-79. When a user accesses a malicious page and is redirected to a page created with the product, an arbitrary script may be executed on t...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2018-06462)

Cisco Identity Services Engine ISE is an identity-based environment awareness platform ISE Identity Services Engine from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...

Multiple Cross-Site Scripting Vulnerabilities in SAP BI Launchpad

SAP BI Launchpad is the gateway to BO4.0, BO4.0 SAP BusinessObjects a German company SAP SAP provides a wide range of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. Multiple cross-site...

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability (CNVD-2018-05306)

Cisco Data Center Analytics Framework DCAF application is a set of data center analytics frameworks from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web-based management interface of the Cisco DCAF application, which stems from the program's failure to...

Cisco Prime Service Catalog Cross-Site Scripting Vulnerability (CNVD-2018-05348)

Cisco Prime Service Catalog PSC is a service catalog solution from Cisco USA that provides all IT services through a single portal. The solution supports automated ordering of a unified service catalog for computing, networking, storage, and other data center resources. A cross-site scripting...

JVN#83834277: Multiple vulnerabilities in FS010W

FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-05492 )

IBM WebSphere Portal consists of middleware, applications called portlets and development tools for building and managing secure business-to-business B2B, business-to-customer B2C and business-to-employee B2E portals. A cross-site scripting vulnerability exists in IBM WebSphere Portal, which coul...

CVE-2018-6823

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root...

CVE-2017-15706

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

CloudBees Jenkins Active Choices Plugin HTML Injection Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the U.S. CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . Active Choices is used in one o...

WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Retina 2x" contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on a...

Elasticsearch Kibana Cross-Site Scripting Vulnerability

Elasticsearch Kibana formerly known as elasticsearch-dashboard is a suite of open-source, browser-based analytics and search Elasticsearch dashboard tools from the Dutch company Elasticsearch. A cross-site scripting vulnerability exists in Elasticsearch Kibana versions 5.6.6 and 6.1.2, which stem...

Cross site scripting

Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser...

CVE-2017-2745

The CVE-2017-2745 entry concerns HP JetAdvantage Security Manager prior to version 3.0.1, which is susceptible to stored cross-site scripting (XSS). The vulnerability arises in the application’s handling of data in a way that could allow a malicious actor to inject and execute scripts in a user’s...