3612 matches found
Cross site scripting
IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of...
Security Bulletin: A vulnerability in jQuery affects IBM WIoTP MessageGateway (CVE-2020-7656)
Summary There is a vulnerability in jQuery that affects IBM WIoTP MessageGateway. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the load method. A remote attacker could exploit this...
CVE-2017-1659
"HCL iNotes is susceptible to a Cross-Site Scripting XSS Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."...
Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability
Summary Asset Analyzer RAA has addressed the following vulnerability. IBM WebSphere Application Server was affected by a cross-site scripting. Vulnerability Details CVEID: CVE-2019-17573 DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
CVE-2020-4082
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...
CVE-2020-4082
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...
WordPress Resim ara 1.0 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Resim ara 1.0 Resim ara is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
Open-Xchange AppSuite Multiple Security Vulnerabilities
Description Open-Xchange AppSuite is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication...
Atlassian FishEye and Crucible CVE-2019-15008 Cross Site Scripting Vulnerability
Description Atlassian FishEye and Crucible are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based...
Multiple Siemens EN100 Ethernet Modules SSA-418979 Multiple Security Vulnerabilities
Description Multiple Siemens EN100 Ethernet Modules are prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, using directory-traversal sequences '../' to retrieve sensitive information and execute arbitrary script code in the browser of an...
Security Bulletin: IBM TRIRIGA Application platform is vulnerable to a cross-site scripting attack. (CVE-2016-2883)
Summary IBM TRIRIGA Application Platform is vulnerable to cross-site scripting that could be used to steal cookie-based authentication credentials. Vulnerability Details CVEID: CVE-2016-2883 DESCRIPTION: IBM TRIRIGA is vulnerable to cross-site scripting, caused by improper validation of...
IBM Case Manager CVE-2019-4426 Cross Site Scripting Vulnerability
Description IBM Case Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
PT-2019-4283 · Apache +1 · Apache Shiro +1
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.4.2 Description: The issue is related to the use of the default "remember me" configuration in Apache Shiro, which can make cookies susceptible to a padding attack. This could allow a remote attacker to impact...
Moodle CVE-2019-14881 Cross Site Scripting Vulnerability
Description Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
WordPress Prior to 5.2.4 Multiple Security Vulnerabilities
Description WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...
Cisco Unified Communications Manager CVE-2019-12716 Cross Site Scripting Vulnerability
Description Cisco Unified Communications Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This...
WordPress Checklist 1.1.5 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Checklist 1.1.5 Checklist is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
WordPress Ellipsis Human Presence Technology 2.0.8 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Ellipsis human presence technology 2.0.8 Ellipsis human presence technology is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...
WordPress Spryng Payments WooCommerce 1.6.7 Cross Site Scripting
Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Spryng payments woocommerce 1.6.7 Spryng payments woocommerce is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to...
Jenkins Multiple Security Vulnerabilities
Description Jenkins is prone to the following vulnerabilities: 1. A unauthorized-access vulnerability 2. A cross-site request forgery vulnerability An attacker may leverage these issues to execute arbitrary script code in the browser of the victim in the context of the affected site, steal...