1057 matches found

Veracode
added 2018/06/06 3:19 a.m. | 16 views

Cross-site Scripting (XSS)

nzedb/nzedb is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the page variable in the rendered 404 page, causing arbitrary scripts to execute...

CVSS 5.4 | AI score 5.2 | EPSS 0.0074
Exploits 1 | References 3 | Affected Software 1

NVD
added 2018/05/30 4:29 a.m. | 28 views

CVE-2018-11235

In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...

CVSS 7.8 | AI score 8.1 | EPSS 0.49188
Exploits 10 | References 11

Veracode
added 2018/05/23 2:25 a.m. | 14 views

Cross-site Scripting (XSS)

@ckeditor/ckeditor5-link is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of escaping for the a href attributes, allowing arbitrary scripts to be executed...

CVSS 6.1 | AI score 5.8 | EPSS 0.0102
Exploits 0 | References 3 | Affected Software 1

Japan Vulnerability Notes
added 2018/05/22 12:0 a.m. | 50 views

JVN#52319657: Multiple cross-site scripting vulnerabilities in Cybozu Mailwise

Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. Stored cross-site scripting vulnerability in "E-mail Details Screen" CWE-79 - CVE-2018-0557 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

CVSS 6.1 | AI score 6.4 | EPSS 0.00809
Exploits 0

Prion
added 2018/04/25 8:29 p.m. | 11 views

Cross site scripting

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...

CVSS 4.3 | AI score 6.1 | EPSS 0.01052
Exploits 0 | References 2 | Affected Software 2

NVD
added 2018/04/25 8:29 p.m. | 22 views

CVE-2018-9101

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...

CVSS 6.1 | AI score 6.1 | EPSS 0.01052
Exploits 0 | References 2

NVD
added 2018/04/25 8:29 p.m. | 15 views

CVE-2018-9104

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...

CVSS 6.1 | AI score 6.1 | EPSS 0.01052
Exploits 0 | References 2

Cvelist
added 2018/04/25 8:0 p.m. | 14 views

CVE-2018-9101

A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient...

AI score 6.2 | EPSS 0.01052
Exploits 0 | References 2

OSV
added 2018/04/16 2:29 p.m. | 1 view

CVE-2018-0551

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 2

OSV
added 2018/03/08 3:29 p.m. | 3 views

CVE-2018-1182

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identit...

CVSS 7.8 | AI score 6 | EPSS 0.00424
Exploits 0 | References 3

Prion
added 2018/03/08 3:29 p.m. | 11 views

Design/Logic Flaw

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identit...

CVSS 7.2 | AI score 7.8 | EPSS 0.00424
Exploits 0 | References 3 | Affected Software 3

NVD
added 2018/03/08 3:29 p.m. | 18 views

CVE-2018-1182

An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels (hardware appliance and software bundle deployments only); RSA Via Lifecycle and Governance version 7.0, all patch levels (hardware appliance and software bundle deployments only); RSA Identit...

CVSS 7.8 | AI score 7.9 | EPSS 0.00424
Exploits 0 | References 3

CVE
added 2018/03/08 3:0 p.m. | 51 views

CVE-2018-1182

CVE-2018-1182 affects EMC RSA Identity Governance and Lifecycle (versions 7.0.1 and 7.0.2), RSA Via Lifecycle and Governance (version 7.0), and RSA Identity Management & Governance (RSA IMG) (versions 6.9.0 and 6.9.1). The issue allows certain OS-level users to execute arbitrary scripts with root...

CVSS 7.8 | AI score 7.8 | EPSS 0.00424
Exploits 0 | References 3 | Affected Software 3

Veracode
added 2018/02/27 5:48 a.m. | 21 views

Cross-site Scripting (XSS)

wicket-jquery-ui-plugins and wicket-kendo-ui are vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because the WYSIWYG editor allows attackers to enter and execute arbitrary scripts...

CVSS 6.1 | AI score 6 | EPSS 0.00905
Exploits 0 | References 3 | Affected Software 2

CNVD
added 2018/02/27 12:0 a.m. | 2 views

WonderCMS File Upload Cross-Site Scripting Vulnerability

WonderCMS is a PHP-based content management system (CMS). File Upload is one of its file upload function modules. A cross-site scripting vulnerability exists in File Upload in WonderCMS version 2.4.0. An attacker can exploit this vulnerability to execute arbitrary scripts in a user's browser...

CVSS 4.4 | AI score 6.7 | EPSS 0.00598
Exploits 0 | References 1

CNVD
added 2018/02/26 12:0 a.m. | 3 views

WordPress WooCommerce plugin cross-site scripting vulnerability (CNVD-2018-05177)

WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it supports personal blog sites set up on PHP and MySQL servers. The WooCommerce plugin is a free e-commerce plugin. A cross-site scripting vulnerability exists in WordPress...

CVSS 6.1 | AI score 6 | EPSS 0.01176
Exploits 0 | References 1

CNVD
added 2018/02/23 12:0 a.m. | 3 views

Radiant CMS Cross-Site Scripting Vulnerability

Radiant CMS is a free and open source content management system designed for small teams. A cross-site scripting vulnerability exists in Radiant CMS version 1.1.4 due to the system failing to effectively filter user-supplied data. The vulnerability can be exploited by an attacker to execute...

CVSS 5.4 | AI score 6.8 | EPSS 0.00622
Exploits 2 | References 1

CNVD
added 2018/02/08 12:0 a.m. | 2 views

Deserialization Command Execution Vulnerability in jeecms version 9.2

JEECMS is Jiangxi Jinlei Technology Development Co., Ltd. developed a support for WeChat small program, WeChat public number / service number, column model, content model cross-customization, as well as with the payment and financial settlement of the content of the e-commerce as one of the conte...

AI score 7.7
Exploits 0

NVD
added 2018/02/07 11:29 p.m. | 22 views

CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page...

CVSS 6.1 | AI score 5.9 | EPSS 0.05245
Exploits 5 | References 9

Cvelist
added 2018/02/07 11:0 p.m. | 27 views

CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page...

AI score 6.5 | EPSS 0.05245
Exploits 5 | References 9