CVE-2017-1208

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

Elastic Kibana Cross Site Scripting Vulnerability (Jul 2017)

Elastic Kibana is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross site scripting

Cross-site scripting XSS vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter...

CVE-2017-9419

Cross-site scripting XSS vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter...

CVE-2016-9973

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 120209...

Cross site scripting

Cross site scripting XSS vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATHINFO in an acp.php URL, due to use of unsanitized $SERVER'PHPSELF' to generate URLs...

CVE-2017-9420

Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...

CVE-2017-9420

Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...

Apple WebKit / Safari 10.0.3(12602.4.8) - 'Editor::Command::execute' Universal Cross-Site Scripting

document-updateLayoutIgnorePendingStylesheets; return mcommand-executemframe, triggeringEvent, msource, parameter; This method is invoked under an |EventQueueScope|. But |updateLayoutIgnorePendingStylesheets| invokes |MediaQueryMatcher::styleResolverChanged| that directly calls |handleEvent| not...

Cross site scripting

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732...

Cross-Site Scripting (XSS)

atlas-dashboardv2 is vulnerable to cross-site scripting XSS attacks. The library does not sanitize the user input in the edit-tag function, allowing a malicious user to inject and execute arbitrary javascript...

Cross-Site Scripting (XSS)

atlas-dashboardv2 is vulnerable to reflected cross-site scripting XSS attacks. The search function does not sanitize the search queries that are passed to the application, allowing a malicious user to inject and execute arbitrary javascript...

Cross Frame Scripting

atlas-dashboardv2 is vulnerable to cross frame scripting. The library allows the use of external frames on the index page, allowing a malicious user to inject and execute arbitrary javascript via an iframe...

JVN#87760109: Nessus vulnerable to cross-site scripting

Nessus provided by Tenable Network Security, Inc. contains a stored cross-site scripting vulnerability CVE-2017-2122. An authenticated user may store crafted contents to Nessus. According to the developer, another stored cross-site scripting vulnerability CVE-2017-5179 was found and fixed in Ness...

CVE-2016-9980

IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Forc...

CVE-2015-7893

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript...

CVE-2015-7893

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript...

CVE-2016-3031

IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...

CVE-2016-9990

IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998824...

CVE-2017-6797

A cross-site scripting XSS vulnerability in bugchangestatuspage.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'actiontype' parameter...