1492 matches found
CVE-2017-1753
Multiple IBM Rational products are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 135655...
Cross site scripting
Multiple TIBCO products are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
CVE-2018-12981
An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected within the WBM. The code will be...
IBM Rational Quality Manager HTML Injection Vulnerability (CNVD-2018-19534)
IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...
CVE-2017-1242
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124524...
CVE-2017-1329
IBM Quality Manager (RQM) 5.0.x and 6.0 through 6.0.5 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 126231...
Cross site scripting
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability. A malicious Operations Console administrator could potentially exploit this vulnerability to store arbitrary HTML or JavaScript code through the web interface. When oth...
SIEMENS SCALANCE M875 Cross-Site Scripting Vulnerability
SCALANCE M industrial routers are used for secure remote access to the plant via mobile networks, e.g. GPRS or UMTS, with integrated security features such as firewalls to prevent unauthorized access and VPNs to protect data transmission. SIEMENS SCALANCE M875 A cross-site scripting vulnerability...
Cross site scripting
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser, this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...
EMS Master Calendar Cross Site Scripting
Exploit Title: EMS Master Calendar alert'XSS'xyz...
Malicious Package
Overview: Version 0.0.7 of react-server-native contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.7 of this module is found...
Malicious Package
Overview: Version 0.0.3 of dynamo-schema contained malicious code. The code, when executed in the browser, would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: If version 0.0.3 of this module is found install...
Cross site scripting in the system log
Date: 2018-04-18. CVE ID: CVE-2018-10125. Description: With a manipulated request, an attacker can implant a script which is executed when a logged-in back end user opens the system log. The attacker does not have to be logged in. Affected versions: Contao 3. up to 3.5.33, Contao 4.0, Contao 4.1, Cont...
NetIQ Access Manager Administration Console Cross-Site Scripting Vulnerability
NetIQ Access Manager (NAM) is a resource access control solution from NetIQ Corporation. The solution provides multiple authentication, data encryption, single sign-on and SSL VPN for local and remote users. Administration Console is one of the administration console programs. A cross-site scripting...
Drupal cross-site scripting vulnerability (CNVD-2018-05186)
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in Drupal versions 8.4.x prior to 8.4.5 and 7.x prior to 7.57. A remote attacker can exploit this vulnerability to execute...
CVE-2017-2745
Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser...
CVE-2017-1000443
Eleix Openhacker version 0.1.47 is vulnerable to an XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser...
PowerDNS Recursor API Injection Vulnerability
PowerDNS Recursive Server is a high-end name resolution server. An API injection vulnerability exists in PowerDNS Recursor, which can be exploited by an attacker to execute arbitrary code in a user's browser at an affected site...
CVE-2017-1000236
I, Librarian version =4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...