1046 matches found
CVE-2017-15429
The CVE-2017-15429 entry concerns Google Chrome prior to 63.0.3239.108, where an insecure implementation in V8 WebAssembly JS bindings could allow a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. Affected component is the V8 bindings used by Chrome’s WebAssemb...
CVE-2017-15429
Inappropriate implementation in V8 WebAssembly JS bindings in Google Chrome prior to 63.0.3239.108 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2017-15429
Removed by vendor...
CVE-2017-15430
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
Input validation
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2017-15430
CVE-2017-15430 affects the Chromecast plugin in Google Chrome prior to 63.0.3239.84. Root cause: insufficient data validation in the Chromecast plugin. Impact: remote attacker could inject arbitrary scripts/HTML (UXSS) via a crafted HTML page. Public references note the vulnerability in Chrome’s ...
CVE-2017-15430
Insufficient data validation in Chromecast plugin in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
Multiple Cross-Site Scripting Vulnerabilities in WordPress Snazzy Maps Plugin
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress Snazzy Maps plugin, which can be exploited by an attacke...
CVE-2018-0558
Reflected cross-site scripting vulnerability in Cybozu Mailwise 5.0.0 to 5.4.1 allows remote attackers to inject arbitrary web script or HTML in 'System settings' via unspecified vectors...
Artica Pandora FMS Information Disclosure Vulnerability (CNVD-2018-23787)
Artica Pandora FMS Flexible Monitoring System is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS. The vulnerability can be exploited to ca...
Cross-site Scripting (XSS)
nzedb/nzedb is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the page variable in the rendered 404 page, causing arbitrary scripts to execute...
CVE-2018-11235
In Git before 2.13.7, 2.14.x before 2.14.4, 2.15.x before 2.15.2, 2.16.x before 2.16.4, and 2.17.x before 2.17.1, remote code execution can occur. With a crafted .gitmodules file, a malicious project can execute an arbitrary script on a machine that runs "git clone --recurse-submodules" because...
Cross-site Scripting (XSS)
@ckeditor/ckeditor5-link is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of escaping for the a href attributes, allowing arbitrary scripts to be executed...
JVN#52319657: Multiple cross-site scripting vulnerabilities in Cybozu Mailwise
Cybozu Mailwise contains multiple cross-site scripting vulnerabilities below. Stored cross-site scripting vulnerability in "E-mail Details Screen" CWE-79 - CVE-2018-0557 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
Cross site scripting
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
CVE-2018-9104
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
CVE-2018-9101
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
CVE-2018-9101
A vulnerability in the conferencing component of Mitel MiVoice Connect, versions R1707-PREM SP1 21.84.5535.0 and earlier, and Mitel ST 14.2, versions GA27 19.49.5200.0 and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting XSS attack due to insufficient...
CVE-2018-0551
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2018-1182
An issue was discovered in EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels hardware appliance and software bundle deployments only; RSA Via Lifecycle and Governance version 7.0, all patch levels hardware appliance and software bundle deployments only; RSA Identit...