3296 matches found
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2018-20672)
IBM Rational Collaborative Lifecycle Management (CLM) and others are products of IBM Corporation in the U.S.A. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions. IBM Rational Collaborative Lifecycle Management (CLM) is a collaborative...
Shopify: H1514 Stored XSS in Return Magic App portal content
Summary: Stored XSS vulnerability was found in return magic app portal content which executes in the application domain in https://services.alveo.io/dashboard-shopify/settings/portal/content Description: It's been found that Return Magic app allows users to add HTML content to their return portal...
CVE-2018-1691
IBM Rational Quality Manager RQM 5.0 through 5.02 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
CVE-2018-9079
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model DOM of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...
CVE-2018-1820
IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 150096...
CVE-2018-1660
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-force ID: 1448...
CVE-2018-1716
IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 1471...
CVE-2018-1560
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
CVE-2018-10497
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email (fixed in version 5.0.02.16). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists...
BTITeam XBTIT cross-site scripting vulnerability (CNVD-2019-28274)
XBTIT is an open source tracking software. A reflective cross-site scripting vulnerability exists in the 'keywords' parameter in the search function in /index.php?page=forums&action=search in BTITeam XBTIT 2.5.4. The vulnerability can be exploited to execute arbitrary JavaScript code in a user's...
Cross-site Scripting (XSS)
github.com/portainer/portainer is vulnerable to cross-site scripting XSS attacks. The library does not use HTTP Secure Headers, allowing a malicious user to inject and execute arbitrary Javascript through the Team Name field...
Cross-site Scripting (XSS)
editor.md is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize user input before rendering the markdown, allowing a malicious user to inject and execute arbitrary JavaScript through the editor...
Cross-site Scripting (XSS)
EWSoftware.SHFB is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize parameters passed through the URL, allowing a malicious user to inject and execute arbitrary Javascript...
Pimcore Cross-Site Scripting Vulnerability
Pimcore is an open source Web content management platform from the Austrian company Pimcore for creating and managing Web applications. The platform integrates Web content management, an e-commerce framework and product information management applications. A cross-site scripting vulnerability exists in...
Cross-Site Scripting (XSS)
marked is vulnerable to cross-site scripting XSS. The HTML output of the demo page is not sanitized and allows remote attackers to inject arbitrary Javascript code into a victim's browser...
CVE-2018-1715
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...
Cross-site Scripting (XSS)
primefaces is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the filename when a file is uploaded, allowing a malicious user to inject and execute arbitrary Javascript...
Cross site scripting
IBM Rhapsody Model Manager 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 145510...
LAMS < 3.1 - Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: LAMS 3.1 - Cross-Site Scripting Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application...
Cross-site Scripting (XSS)
tomee-webapp is vulnerable to cross-site scripting XSS attacks. The library does not properly handle URLs, allowing a malicious user to inject and execute arbitrary Javascript through it...