
485 matches found

Prion
added 2018/07/03 7:29 p.m., 10 views

Cross site scripting

IBM Rational Quality Manager and IBM Rational Collaborative Lifecycle Management 5.0 through 5.0.2 and 6.0 through 6.0.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially...

CVSS 3.5, AI score 5.1, EPSS 0.00175
Exploits: 0, References: 2, Affected Software: 2

IBM Security Bulletins
added 2018/06/17 3:46 p.m., 18 views

Security Bulletin: Vulnerabilities in IBM WebSphere Application Server affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console (CVE-2017-1380, CVE-2017-1381)

Summary: Vulnerabilities in IBM WebSphere Application Server that affect IBM Spectrum Protect for Workstations (formerly Tivoli Storage Manager FastBack for Workstations) Central Administration Console can allow users to embed arbitrary JavaScript code in the Web UI or allow a local attacker to obtain...

CVSS 5.4, AI score 0.9, EPSS 0.00403
Exploits: 0, Affected Software: 2

Symantec
added 2018/04/10 8:00 a.m., 40 views

SA162: Multiple ASG and ProxySG Vulnerabilities

SUMMARY The Symantec ASG and ProxySG management consoles are susceptible to several vulnerabilities. A remote attacker, with access to the management console, can cause denial of service through management console application crashes. A malicious appliance administrator can also inject arbitrary...

CVSS 6, AI score 1.4, EPSS 0.10463
Exploits: 2, Affected Software: 2

OSV
added 2018/03/13 8:38 p.m., 14 views

GHSA-82GW-PQF7-Q3J2 pym.js CSRF Vulnerability

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function, https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573, that can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 8.8, AI score 9, EPSS 0.00296
Exploits: 0, References: 6

Prion
added 2018/03/13 3:29 p.m., 7 views

Cross site request forgery (csrf)

NPR Visuals Team Pym.js versions 0.4.2 up to 1.3.1 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Pym.js onNavigateToMessage function, https://github.com/nprapps/pym.js/blob/master/src/pym.js#L573, that can result in arbitrary JavaScript code execution. This attack appears to be...

CVSS 6.8, AI score 9, EPSS 0.00296
Exploits: 0, References: 3, Affected Software: 1

Prion
added 2018/03/05 4:29 p.m., 10 views

Cross site scripting

Multiple cross-site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1. In certain scenarios it was possible to execute arbitrary JavaScript code in the context of the vulnerable application, via user.Context in the Object Selector,...

CVSS 4.3, AI score 6.4, EPSS 0.00202
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2018/03/05 4:00 p.m., 44 views

CVE-2017-7427

CVE-2017-7427 affects Micro Focus Identity Manager/iManager Plug-in (version 2.7.7.7 and prior to 4.6.1). The vulnerability is a family of multiple cross-site scripting (XSS) flaws that allow an attacker to execute arbitrary JavaScript in the context of the vulnerable application. Exploitation pa...

CVSS 6.1, AI score 6.1, EPSS 0.00202
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2018/02/07 5:29 a.m., 10 views

Design/Logic Flaw

Marked 2 through 2.5.11 allows remote attackers to read arbitrary files via a crafted HTML document that triggers a redirect to an x-marked://preview?text= URL. The value of the text parameter can include arbitrary JavaScript code, e.g., making XMLHttpRequest calls...

CVSS 4.3, AI score 6.3, EPSS 0.0059
Exploits: 1, References: 2, Affected Software: 1

OpenVAS
added 2018/01/31 12:00 a.m., 21 views

Joomla 'Chromes' module XSS Vulnerability

Joomla is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

CVSS 6.1, AI score 7.1, EPSS 0.00962
Exploits: 0, References: 1

Prion
added 2017/10/27 1:29 p.m., 21 views

Cross site scripting

A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via webUI "Login Disclaimer" redir parameter...

CVSS 4.3, AI score 6.5, EPSS 0.00349
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2017/10/27 1:00 p.m., 10 views

CVE-2017-7733

A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary JavaScript code via webUI "Login Disclaimer" redir parameter...

AI score 7.1, EPSS 0.00349
Exploits: 0, References: 3

CVE
added 2017/08/30 5:00 p.m., 51 views

CVE-2016-6800

CVE-2016-6800 affects the Apache OFBiz blog feature: unsanitized input in the summary/article fields allows injection of arbitrary JavaScript, which is executed in users’ browsers visiting the article. Mitigation is to upgrade to Apache OFBiz 16.11.01. This vulnerability detail is supported by th...

CVSS 6.1, AI score 6.3, EPSS 0.0129
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2017/08/29 1:35 a.m., 9 views

Cross site scripting

IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 3.5, AI score 6.2, EPSS 0.00198
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2017/08/01 3:29 p.m., 7 views

CVE-2017-12062

An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...

CVSS 6.1, AI score 6.4, EPSS 0.00741
Exploits: 1, References: 5

Prion
added 2017/08/01 3:29 p.m., 10 views

Cross site scripting

An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...

CVSS 4.3, AI score 6.3, EPSS 0.00741
Exploits: 1, References: 5, Affected Software: 1

Prion
added 2017/05/22 8:29 p.m., 12 views

Cross site scripting

IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 125732...

CVSS 3.5, AI score 5.2, EPSS 0.00258
Exploits: 0, References: 2, Affected Software: 1

Veracode
added 2017/03/09 4:36 a.m., 15 views

Stored Cross-Site Scripting (XSS)

Apache Ranger is vulnerable to stored cross-site scripting (XSS) attacks. When entering custom policy conditions, admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...

CVSS 4.8, AI score 5.2, EPSS 0.00206
Exploits: 0, References: 2, Affected Software: 1

OpenVAS
added 2016/10/26 12:00 a.m., 23 views

Pootle Server < 2.7.3 Multiple XSS Vulnerabilities

Pootle server is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2016 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...

AI score 6.7
Exploits: 0, References: 1

OSV
added 2015/09/29 7:59 p.m., 17 views

PYSEC-2015-25

The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...

CVSS 6.8, AI score 6.7, EPSS 0.00775
Exploits: 0, References: 8

securityvulns
added 2015/07/27 12:00 a.m., 33 views

CVE-2015-5379: Axigen XSS vulnerability for html attachments

CVEID: CVE-2015-5379 SUBJECT: Axigen XSS vulnerability for html attachments DESCRIPTION: Axigen's WebMail Ajax interface implements a view attachment function that executes javascript code that is part of email HTML attachments. This allows a malicious user to craft email messages that could expo...

CVSS 3.5, EPSS 0.00254
Exploits: 0