3300 matches found

Veracode
added 2018/08/08 12:45 p.m. | 8 views

Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the filename when a file is uploaded, allowing a malicious user to inject and execute arbitrary JavaScript...

AI score 6.1
Exploits: 0

Prion
added 2018/08/07 1:29 p.m. | 18 views

Cross site scripting

IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510...

CVSS 3.5 | AI score 5.1 | EPSS 0.0066
Exploits: 0 | References: 2 | Affected Software: 1

0day.today
added 2018/08/06 12:00 a.m. | 60 views

LAMS < 3.1 - Cross-Site Scripting Vulnerability

Exploit for java platform in category web applications Exploit Title: LAMS 3.1 - Cross-Site Scripting Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application...

CVSS 4.3 | AI score 6.4 | EPSS 0.02244
Exploits: 3

Veracode
added 2018/07/24 2:28 a.m. | 18 views

Cross-site Scripting (XSS)

tomee-webapp is vulnerable to cross-site scripting (XSS) attacks. The library does not properly handle URLs, allowing a malicious user to inject and execute arbitrary JavaScript through it...

CVSS 6.1 | AI score 6 | EPSS 0.02003
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2018/07/19 2:29 p.m. | 2 views

CVE-2018-1529

IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality...

CVSS 5.4 | AI score 5.4 | EPSS 0.00968
Exploits: 0 | References: 3

NVD
added 2018/07/10 4:29 p.m. | 19 views

CVE-2017-1791

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4 | AI score 5.2 | EPSS 0.0066
Exploits: 0 | References: 2

OSV
added 2018/07/10 4:29 p.m. | 1 view

CVE-2018-1396

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 5.4 | AI score 5.4 | EPSS 0.00631
Exploits: 0 | References: 2

Prion
added 2018/07/10 4:29 p.m. | 15 views

Cross site scripting

IBM Rational Quality Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

CVSS 3.5 | AI score 5.1 | EPSS 0.0066
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2018/07/05 5:21 a.m. | 14 views

Cross-site Scripting (XSS)

buttle is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize filenames, allowing a malicious user to inject and execute arbitrary JavaScript using an iframe tag as a filename...

CVSS 6.1 | AI score 6 | EPSS 0.01172
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2018/07/03 7:29 p.m. | 15 views

Cross site scripting

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVSS 3.5 | AI score 5.1 | EPSS 0.00711
Exploits: 0 | References: 2 | Affected Software: 2

Palo Alto Networks
added 2018/06/29 12:00 a.m. | 7 views

Cross-Site Scripting (XSS) in PAN-OS Management Web Interface

A Cross-Site Scripting (XSS) vulnerability exists in the PAN-OS session browser. (Ref. PAN-93244; CVE-2018-9335) Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. An attacker would need to successfully authenticate prior to exploiting this issue. This...

CVSS 5.4 | AI score 5.8 | EPSS 0.0101
Exploits: 0 | References: 1

CNVD
added 2018/06/28 12:00 a.m. | 3 views

Galaxy server cross-site scripting vulnerability

Galaxy is a web-based open source system for accessing, reproducing, and analyzing biomedicine. galaxy server is one of the servers. A cross-site scripting vulnerability exists in multiple templates of the Galaxy server in Galaxy version 14.10, which stems from the program failing to properly...

CVSS 6.1 | AI score 6.2 | EPSS 0.01042
Exploits: 0 | References: 1

OSV
added 2018/06/26 4:29 p.m. | 2 views

DEBIAN-CVE-2018-1000557

OCS Inventory OCS Inventory NG version ocsreports 2.4 contains a Cross Site Scripting XSS vulnerability in login form and search functionality that can result in An attacker is able to execute arbitrary javascript code within a victims' browser. This attack appear to be exploitable via Victim mus...

CVSS 6.1 | AI score 6.4 | EPSS 0.00731
Exploits: 1 | References: 1

Prion
added 2018/06/26 4:29 p.m. | 16 views

Cross site scripting

The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks. In this form of attack,...

CVSS 4.3 | AI score 6.3 | EPSS 0.01042
Exploits: 0 | References: 1 | Affected Software: 1

IBM Security Bulletins
added 2018/06/17 3:46 p.m. | 18 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)

Summary: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console and can allow users to embed arbitrary JavaScript code in the Web UI or allow a local attacker to obtain...

CVSS 5.4 | AI score 0.9 | EPSS 0.01049
Exploits: 0 | Affected Software: 2

IBM Security Bulletins
added 2018/06/17 5:22 a.m. | 48 views

Security Bulletin: Cross-site Scripting vulnerabilities affect IBM Rational products based on IBM Jazz technology

Summary: Potential cross-site scripting vulnerabilities affect the following IBM Rational products: Rational Engineering Lifecycle Manager (RELM), Rational Rhapsody Design Manager (Rhapsody DM). Vulnerability Details: CVEID: CVE-2016-8975. DESCRIPTION: IBM Rhapsody DM and IBM Rational Engineering Lifecyc...

CVSS 5.4 | AI score 0.7 | EPSS 0.0072
Exploits: 0 | Affected Software: 2

CNVD
added 2018/06/15 12:00 a.m. | 1 view

html-janitor cross-site scripting vulnerability

html-janitor is a module for controlling, cleaning up HTML. A cross-site scripting vulnerability exists in html-janitor. A remote attacker can exploit this vulnerability by sending attacker-controlled data to the 'clean' function to execute arbitrary JavaScript code...

CVSS 6.1 | AI score 6.2 | EPSS 0.01063
Exploits: 1 | References: 1

NVD
added 2018/06/11 10:29 a.m. | 10 views

CVE-2018-12090

There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

CVSS 6.1 | AI score 6.2 | EPSS 0.02244
Exploits: 3 | References: 2

Prion
added 2018/06/11 10:29 a.m. | 10 views

Cross site scripting

There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change...

CVSS 4.3 | AI score 6.2 | EPSS 0.02244
Exploits: 3 | References: 2 | Affected Software: 1

Zero Day Initiative
added 2018/06/07 12:00 a.m. | 24 views

Samsung Email EML File Parsing Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML...

CVSS 4.4 | AI score 3.9 | EPSS 0.00322
Exploits: 0