CVE-2017-1000239
InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site Scripting resulting in allowing an authenticated user to inject malicious client side script which will be executed in the browser of users if they visit the manipulated site...
CVE-2016-3049
IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712...
Cross-site Scripting (XSS) Through SVG Documents
silverstripe/installer and silverstripe/framework are vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because the Insert Media option within the content editor and the pathname in admin/assests/add allow attackers to insert SVG documents containing arbitrary JavaScript...
CVE-2016-6800
The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...
Multiple Vulnerabilities in Splunk Enterprise and Splunk Lite
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze machine-generated data, including data generated by all IT systems and infrastructures (physical, virtual, and cloud). Splunk Enterprise is...
CVE-2017-6053
A Cross-Site Scripting issue was discovered in Trihedral VTScada Versions prior to 11.2.26. A cross-site scripting vulnerability may allow JavaScript code supplied by the attacker to execute within the user's browser...
CVE-2017-1278
IBM DOORS Next Generation DNG/RRC 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756...
Certec EDV GmbH atvise scada cross-site scripting vulnerability
Certec EDV GmbH is based in Austria. atvise is a web-based HMI monitoring and data acquisition system. A cross-site scripting vulnerability exists in Certec EDV GmbH atvise scada. An attacker may be able to exploit this vulnerability to execute arbitrary script code in the browser of an...
CVE-2017-7247
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiplefreeleech.php' URL. An attacker could execute arbitrary HTML...
Cross site scripting
Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiplefreeleech.php' URL. An attacker could execute arbitrary HTML...
Cross site scripting
Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (element, state, cat, id, cid) passed to the EPESI-master/modules/Utils/Watchdog/subscribe.php URL. An attacker could execute arbitrary HTML and...
Cross site scripting
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-02007)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists i...
WordPress filedownload plugin has unspecified vulnerability
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. filedownload is one of the file download plugins. A security vulnerability exists in WordPress filedownload plugin v1.4, which can be exploited by an attacker to execute malicious code on a...
Splunk cross-site scripting vulnerability (CNVD-2016-05864)
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index and analyze machine-generated data, including data generated by all IT systems and infrastructures (physical, virtual and cloud). A cross-site scriptin...
ILIAS Cross-Site Scripting Vulnerability
ILIAS is a Web-based learning management system. It provides course management, email, instant messaging, forums, group collaboration, file sharing, writing tools, exam systems, personal desktops, and more. Provides contextual help system for learning and writing. Supports CAS, SOAP, RADIUS, LDAP...
JVN#56167268: HumHub vulnerable to cross-site scripting
HumHub is a software framework for developing a social networking service (SNS). HumHub contains a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version according to the information provide...
Achievo cross-site scripting vulnerability (CNVD-2016-03590)
Achievo is a web-based project management tool for business environments. A cross-site scripting vulnerability exists in Achievo, where an attacker can execute arbitrary HTML and script code in a user's browser in the context of an affected website due to input filtering errors in parameters...
New Relic: Stored Cross-Site Scripting via Angular Template Injection
It's possible to inject Angular expressions into the account settings of a New Relic account. This, combined with an Angular sandbox escape, allows for persistent cross-site scripting which is executed in the browser of any user visiting the affected page. The execution of which could be used to...