Cross site scripting

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...

CVE-2018-13308

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field...

CVE-2018-13312

Cross-site scripting in noticegen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field...

CVE-2018-13309

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...

CVE-2018-13310

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...

Cross site scripting

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username...

CVE-2018-13309

Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password...

Cross-Site Scripting (XSS)

Dojo Toolkit is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of a user...

Cross-Site Scripting (XSS)

flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser by via the callback parameter using URL encoding. This vulnerability exists due to an incomplete fix for CVE-2013-7342...

Cross-site Scripting (XSS)

graylog-web-interface is vulnerable to a cross-site scripting XSS attack. The library does not properly escape the text in the Dashboard, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-Site Scripting (XSS)

DotNetNuke.Web is vulnerable to cross-site scripting. The Telerik HTML editor allows remote attackers to inject arbitrary Javascript into a victim's browser to steal session cookies and perform unwanted actions on behalf of the user...

Cross-Site Scripting (XSS)

DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser via a crafted URL containing text that is used within a modal popup...

Cross site scripting

A stored xss in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary javascript...

CVE-2018-16474

A stored xss in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary javascript...

CVE-2018-16474

A stored xss in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary javascript...

CVE-2018-16474

CVE-2018-16474 concerns the Node.js module tianma-static . Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...

CVE-2018-6906

A persistent Cross Site Scripting XSS vulnerability in the Green Electronics RainMachine Mini-8 2nd Generation and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API...

Cross-Site Scripting (XSS)

resque is vulnerable to cross-site scripting. User input is not HTML encoded in lib/resque/server/views/queues.erb before displaying on a user's browser, which would allow remote attackers to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions o...

Cross-Site Scripting (XSS)

camaleoncms is vulnerable to cross-site scripting. Files uploaded via the media uploader are not validated. This allows a remote attacker to inject arbitrary Javascript into a victim's browser via the filename parameter...

Cross site scripting

IBM Spectrum Symphony 7.2.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 146341...