Cross-site Scripting (XSS)

Apache Sling XSS is vulnerable to cross-site scripting XSS attacks. The application does not properly encode or escape URLs, allowing a malicious user to inject and execute arbitrary Javascript...

rails_admin rails gem XSS vulnerability

Summary An exploitable XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim’s browser. An attacker can phish an...

Cross-site Scripting (XSS)

marked is vulnerable to cross-site scripting XSS attacks. The library does not properly escape URLs when mangling is disabled, allowing a malicious user to inject and execute arbitrary Javascript...

Cross-site Scripting (XSS)

radiant-markdownfilter-extension is vulnerable to cross-site scripting XSS attacks. The application does not properly escape html elements before rendering them, allowing a malicious user to inject and execute arbitrary Javascript...

CVE-2017-17792

Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...

Cross site scripting

Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...

CVE-2017-17792

Cross site scripting XSS vulnerability in the markupcleanhref function in inc/conv.php in BlogoText through 3.7.6 allows remote attackers to inject arbitrary JavaScript via a comment...

CVE-2017-1549

IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 131289...

CVE-2017-1498

IBM Connections 5.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 129020...

Geovap Reliance SCADA XSS Vulnerability

Geovap Reliance SCADA is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cross site scripting

A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst aka First Name field for the employee details page /employee.html that is then reflected in multiple pages where...

CVE-2017-16819

A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst aka First Name field for the employee details page /employee.html that is then reflected in multiple pages where...

Cross-site Scripting (XSS)

October CMS is vulnerable to cross-site scripting XSS attacks. The library does not properly sanitize the brand logo image name, allowing a malicious user to inject and execute arbitrary Javascript...

Elevation Of Privileges

Apache Cordova In-App-Browser is vulnerable to elevation of privileges through cross-site scripting XSS attacks. The callback identifiers are not correctly validated which allows attackers to execute arbitrary JavaScript within the host page. Using this flaw, the attackers can use a gab-iab to ga...

Cross site scripting

A Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter...

CVE-2017-7733

A Cross-Site-Scripting XSS vulnerability in Fortinet FortiOS 5.4.0 to 5.4.5 and 5.6.0 allows a remote unauthenticated attacker to execute arbitrary javascript code via webUI "Login Disclaimer" redir parameter...

IBM Daeja ViewONE Cross-Site Scripting Vulnerability

IBM Daeja ViewONE is a document viewer from IBM that supports TIFF, PDF and Office-based documents.IBM Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are its different Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are different versions...

Cross-site Scripting (XSS)

mistune is vulnerable to cross-site scripting XSS attacks. These attacks can be conducted by inserting an unexpected newline or by using an email address to execute arbitrary Javascript...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33351)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

CVE-2017-9537

Persistent cross-site scripting XSS in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters...