Cross-site Scripting (XSS)
Morris.js is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the hovering label names. These labels aren't escaped, so if they are attacker-controlled, malicious script can be executed client-side each time a graph is loaded...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2017-05680)
IBM is a global information technology and business solutions company. A cross-site scripting vulnerability exists in multiple IBM products because they fail to properly filter user-supplied input. An attacker could exploit the vulnerability to execute arbitrary script code in an unsuspecting user's...
CVE-2016-1155
HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies...
CVE-2017-3125
An unauthenticated XSS vulnerability in FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in to FortiMail, assuming the victim is social engineered into clicking a URL crafted by the attacker...
CVE-2017-3125
CVE-2017-3125 describes an unauthenticated Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail. Affected versions: FortiMail 5.0.0–5.2.9 and 5.3.0–5.3.8. An attacker can trick a logged-in user into clicking a crafted URL, enabling execution of arbitrary scripts in the user’s browser in...
ASSETBASE vulnerable to cross-site scripting
Overview: ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability (CWE-79). Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Fortinet FortiMail Cross-Site Scripting Vulnerability (CNVD-2017-04565)
Fortinet FortiMail is a mail security appliance from the U.S. company Fortinet, which provides a message filtering engine, anti-spam and threat defense. A cross-site scripting vulnerability exists in Fortinet FortiMail that stems from a failure to properly filter user-supplied...
CVE-2017-7463
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists i...
CherryMusic Cross-Site Scripting Vulnerability
CherryMusic is a music streaming server based on CherryPy and jPlayer. A cross-site scripting vulnerability exists in CherryMusic, which can be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, due to the program...
The vulnerability of the Internet Explorer browser, which allows a violator to obtain confidential information
The vulnerability in the VBS script execution mechanism of Internet Explorer is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information from the process’s memory through a specially crafted...
Gazelle cross-site scripting vulnerability (CNVD-2017-05628)
Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19. A remote attacker can exploit the vulnerability to execute arbitrary HTML and script...
Unspecified Cross-Site Scripting Vulnerability in Trend Micro ServerProtect for Linux
Trend Micro ServerProtect for Linux is an enterprise-grade anti-virus program that runs on Linux. An unspecified cross-site scripting vulnerability exists in Trend Micro ServerProtect for Linux, which is caused by a failure to validate user-submitted data. The vulnerability can be exploited to...
CVE-2017-7248
A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...
WordPress plugin "YOP Poll" vulnerable to cross-site scripting
Overview: The WordPress plugin "YOP Poll" contains a stored cross-site scripting (CWE-79) vulnerability. Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
DEBIAN-CVE-2017-7203
A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and scrip...
Dashbuilder: Reflected XSS
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
Mozilla Firefox/Thunderbird Memory Corruption Vulnerability (CNVD-2017-03835)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A memory corruption vulnerability exists in Mozilla Firefox/Thunderbird. An attacker can exploit the vulnerability to execu...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-03606)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists i...
SAP Enterprise Portal 'styleservice' Cross-Site Scripting Vulnerability
SAP Enterprise Portal is an application integration platform from the German company SAP. It integrates enterprise business information, enterprise applications and services, and presents them to the operator through an independent web-based user interface. A cross-site scripting...