Cross site scripting
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser...
The vulnerability of the Oracle Secure Global Desktop administration console allows for the execution of arbitrary code in the user’s browser or access to confidential information.
The vulnerability of Oracle Secure Global Desktop administration consoles exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser or gain access to confidential information...
The vulnerability of the Team Foundation Server’s project management and version control system arises from the lack of measures taken to protect the website structure. This allows attackers to execute arbitrary code in users’ browsers.
The vulnerability of the Team Foundation Server project management and version control system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the user’s browser...
The vulnerability of the userprefs component in the software platform for collaborative development of SAP NetWeaver Development Infrastructure Cockpit allows an attacker to execute arbitrary code.
The vulnerability of the userprefs component /nwdicockpit/srv/data/ of the software development platform for SAP NetWeaver Development Infrastructure Cockpit is related to the lack of protective measures for the web page structure. Exploiting this vulnerability allows a malicious actor to execute...
Philips e-Alert Cross-Site Scripting Vulnerability
Philips e-Alert is an electronic alert solution for MRI systems from Philips in the Netherlands, which is used to monitor and alert on MRI system performance. A cross-site scripting vulnerability exists in Philips e-Alert R2.1 and prior versions. An attacker can exploit this vulnerability to...
Multiple vulnerabilities in Jenkins Global Build Stats plugin (CNVD-2018-15256)
Jenkins is an open source automation server. Jenkins provides numerous plug-ins that support building, deploying, and automating projects. Global Build is a plug-in that allows two Jenkins instances in different geographic locations to automatically trigger each other to work. The Jenkins Global Build Stats...
Easy Hosting Control Panel Cross-Site Scripting Vulnerability
Easy Hosting Control Panel (EHCP) is an open source hosting control panel that is used to manage domains, emails, FTP users and more. A cross-site scripting vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program failing to properly validate user input. A remote...
MediaWiki SyntaxHighlight Extended HTML Injection Vulnerability
MediaWiki is a free, web-based wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers for the deployment of in-house knowledge management and content management systems. An HTML injection vulnerability exists in the MediaWiki SyntaxHighlight extension, which ste...
PowerDNS Authoritative Server Module Cross-Site Scripting Vulnerability
PowerDNS Recursive Server is a high-end name resolution server. A cross-site scripting vulnerability exists in PowerDNS Recursor 4.0.6 and earlier versions, which can be exploited by an attacker to execute arbitrary code in a user's browser at an affected site...
Apache Atlas Cross-Site Scripting Vulnerability (CNVD-2017-27441)
Apache Atlas is a set of scalable and extensible core governance services from the Apache Software Foundation (USA). A cross-site scripting vulnerability exists in Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. An attacker could exploit this vulnerability to execute arbitra...
WordPress Arabic Font Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Arabic Font plugin. An attacker can exploit this vulnerability t...
WordPress IBPS Online Exam Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress IBPS Online Exam plugin. An attacker can exploit this...
phpBB Cross-Site Scripting Vulnerability
phpBB is open-source web forum software developed by the phpBB Group in PHP. The software supports multiple languages, multiple databases, customized layouts and so on. phpBB has a cross-site scripting vulnerability. Attackers can use this...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a...
Cross site scripting
Multiple Cross-Site Scripting (XSS) vulnerabilities were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7cendana-master/template/default/detailtemplate.php' and...
CVE-2017-6533
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01513)
Cisco IOS is a popular Internet operating system. Cisco Unified Communications Manager is a call-processing component of the Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to adequately validate user input...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-11328)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...
Google Chrome PDFium heap buffer overflow vulnerability (CNVD-2016-07206)
Google Chrome is a web browser developed by Google of the United States. PDFium is an open source PDF rendering engine. A heap buffer overflow vulnerability exists in PDFium in versions of Google Chrome prior to 53.0.2785.89. An attacker could exploit this vulnerability to execut...
Trend Micro Worry-Free Business Security and Worry-Free Business Security Services HTTP Header Injection Vulnerability
Trend Micro Worry-Free Business Security and Worry-Free Business Security Services are both antivirus programs from Trend Micro. An HTTP header injection vulnerability exists in Trend Micro Worry-Free Business Security version 9.0 and Worry-Free Business Security Services version 5.x, which can b...