Design/Logic Flaw

Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...

WESEEK GROWI cross-site scripting vulnerability (CNVD-2018-26771)

WESEEK GROWI is a suite of team collaboration software from WESEEK Japan. A cross-site scripting vulnerability exists in WESEEK GROWI version 3.2.3 and earlier versions, which can be exploited by a remote attacker to execute arbitrary script in a user's web browser...

CVE-2018-6081

XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page...

WordPress plugin LearnPress cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin LearnPress, which can be exploited by an attacker to...

CVE-2018-16226

A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 v8839a1 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack, due to insufficient validation for the start.asp page. A successful exploit could allow th...

Ekushey Project Manager CRM Cross-Site Scripting Vulnerability

Ekushey Project Manager CRM is a project management application. The program features project management, client management and team management. A cross-site scripting vulnerability exists in Ekushey Project Manager CRM version 3.1. A remote attacker can exploit this vulnerability to inject...

WordPress Plugin Jibu Pro Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Jibu Pro, which can be exploited by an attacker to execut...

Script injection vulnerability in multiple Yamaha Corporation products (CNVD-2018-16849)

Yamaha Broadband VoIP Router RT57i and others are Yamaha Corporation router products. A script injection vulnerability exists in multiple Yamaha Corporation products, where an administrator with malicious intent could embed arbitrary scripts into an administrative screen in a scenario where...

CVE-2017-15429

Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

Design/Logic Flaw

Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2017-15429

The CVE-2017-15429 entry concerns Google Chrome prior to 63.0.3239.108, where an insecure implementation in V8 WebAssembly JS bindings could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Affected component is the V8 bindings used by Chrome’s WebAssemb...

CVE-2017-15429

Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2017-15429

Removed by vendor...

CVE-2017-15430

Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

Input validation

Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2017-15430

Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...

CVE-2017-15430

CVE-2017-15430 affects the Chromecast plugin in Google Chrome prior to 63.0.3239.84. Root cause: insufficient data validation in the Chromecast plugin. Impact: remote attacker could inject arbitrary scripts/HTML (UXSS) via a crafted HTML page. Public references note the vulnerability in Chrome’s ...

Multiple Cross-Site Scripting Vulnerabilities in WordPress Snazzy Maps Plugin

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress Snazzy Maps plugin, which can be exploited by an attacke...

CVE-2018-0558

Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors...

Artica Pandora FMS Information Disclosure Vulnerability (CNVD-2018-23787)

Artica Pandora FMS Flexible Monitoring System is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS. The vulnerability can be exploited to ca...