3229 matches found
Cross site scripting
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...
CVE-2018-13310
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...
CVE-2018-13309
Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...
Cross-Site Scripting (XSS)
Dojo Toolkit is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of a user...
Cross-Site Scripting (XSS)
flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the callback parameter using URL encoding. This vulnerability exists due to an incomplete fix for CVE-2013-7342...
Cross-site Scripting (XSS)
graylog-web-interface is vulnerable to a cross-site scripting (XSS) attack. The library does not properly escape the text in the Dashboard, allowing a malicious user to inject and execute arbitrary Javascript...
Cross-Site Scripting (XSS)
DotNetNuke.Web is vulnerable to cross-site scripting. The Telerik HTML editor allows remote attackers to inject arbitrary Javascript into a victim's browser to steal session cookies and perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via a crafted URL containing text that is used within a modal popup...
Cross site scripting
A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript...
CVE-2018-16474
A stored XSS in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript...
CVE-2018-16474
CVE-2018-16474 concerns the Node.js module tianma-static. Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...
CVE-2018-6906
A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...
Cross-Site Scripting (XSS)
resque is vulnerable to cross-site scripting. User input is not HTML encoded in lib/resque/server/views/queues.erb before displaying on a user's browser, which would allow remote attackers to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions o...
Cross-Site Scripting (XSS)
camaleoncms is vulnerable to cross-site scripting. Files uploaded via the media uploader are not validated. This allows a remote attacker to inject arbitrary Javascript into a victim's browser via the filename parameter...
Cross site scripting
IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341...
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2018-20672)
IBM Rational Collaborative Lifecycle Management (CLM) and related products are products of IBM Corporation in the U.S.A. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions. IBM Rational Collaborative Lifecycle Management (CLM) is a collaborative...
Shopify: H1514 Stored XSS in Return Magic App portal content
Summary: Stored XSS vulnerability was found in return magic app portal content which executes in the application domain in https://services.alveo.io/dashboard-shopify/settings/portal/content Description: It's been found that Return Magic app allows users to add HTML content to their return portal...
CVE-2018-1691
IBM Rational Quality Manager (RQM) 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2018-9079
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...