Cross-site Scripting (XSS)

Wordpress is vulnerable to cross-site scripting XSS attacks. A malicious user can pass a javascript: or data: URL to the link modal to inject and execute arbitrary Javascript...

CVE-2015-5181

The CVE-2015-5181 entry concerns Red Hat JBoss A-MQ/JBoss A-MQ Console. The issue is that the JBoss A-MQ console would accept a string containing JavaScript as the name of a new message queue, which leads to remote execution of JavaScript in the console UI. The vulnerability is described in Red H...

Cross-Site Scripting (XSS)

drupal/core is vulnerable to cross-site scripting XSS attacks. The library does not properly encode the label field in the CKEditor, allowing the malicious user to inject and execute arbitrary javascript through it...

Participants Database <= 1.7.5.9 - Cross-Site Scripting

Cross site scripting XSS vulnerability in the Wordpress Participants Database plugin 1.7.59 allows attackers to inject arbitrary javascript via the Name parameter. PoC curl -k -F action=signup -F subsource=participants-database -F shortcodepage=/?pageid=1 -F thankspage=/?pageid=1 -F instanceindex...

Cross-site Scripting (XSS)

automattic/jetpack is vulnerable to cross-site scripting XSS attacks. The library doesn't properly escape the $header parameter in the modules/shortcodes/wufoo.php file, allowing a malicious user to inject and execute arbitrary JavaScript...

CVE-2017-1444

IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128110...

CVE-2016-6800

CVE-2016-6800 affects the Apache OFBiz blog feature: unsanitized input in the summary/article fields allows injection of arbitrary JavaScript, which is executed in users’ browsers visiting the article. Mitigation is to upgrade to Apache OFBiz 16.11.01. This vulnerability detail is supported by th...

IBM Sametime Cross-Site Scripting Vulnerability (CNVD-2017-30589)

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A cross-site scripting vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. A remo...

Cross site scripting

IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

Cross site scripting

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

CVE-2017-1338

IBM DOORS Next Generation DNG/RRC 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

CVE-2017-1168

IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVE-2017-12062

An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...

Cross site scripting

An XSS issue was discovered in manageuserpage.php in MantisBT 2.x before 2.5.2. The 'filter' field is not sanitized before being rendered in the Manage User page, allowing remote attackers to execute arbitrary JavaScript code if CSP is disabled...

REDDOXX Appliance Cross Site Scripting

Advisory: Cross-Site Scripting in REDDOXX Appliance RedTeam Pentesting discovered a cross-site scripting XSS vulnerability in the REDDOXX appliance software, which allows attackers to inject arbitrary JavaScript code via a crafted URL. Details ======= Product: REDDOXX Appliance Affected Versions:...

CVE-2016-8950

IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 11883...

CVE-2017-1208

IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID:...

Elastic Kibana Cross Site Scripting Vulnerability (Jul 2017)

Elastic Kibana is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...