Cross site scripting
Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Security Bulletin: A Vulnerability in IBM ACF (Active Content Filter) affects IBM Cúram (CVE-2015-1917)
Summary IBM Cúram is shipped with IBM Active Content Filtering which is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser...
Security Bulletin: IBM TRIRIGA Application platform is vulnerable to a cross-site scripting attack. (CVE-2016-2883)
Summary IBM TRIRIGA Application Platform is vulnerable to cross-site scripting that could be used to steal cookie-based authentication credentials. Vulnerability Details CVEID: CVE-2016-2883 DESCRIPTION: IBM TRIRIGA is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input (CVE-2015-1888)
Summary IBM Content Navigator is potentially vulnerable to cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2015-1888 IBM Content Navigator is vulnerable to cross-site scripting. The vulnerability is caused by improper validation of user...
Security Bulletin: Multiple security vulnerabilities affect the Report Builder and Data Collection Component that are shipped with Jazz Reporting Service (CVE-2016-0350, CVE-2016-0313, CVE-2016-0314, CVE-2016-0315, CVE-2016-2888, CVE-2016-2889)
Summary There are multiple security vulnerabilities in the Report Builder and Data Collection Component DCC shipped with Jazz Reporting Service. Vulnerability Details CVEID: CVE-2016-0350 DESCRIPTION: IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting, caused by improper...
Security Bulletin: Cross-Site Scripting vulnerability in IBM Rational Quality Manager (CVE-2014-4801)
Summary IBM Quality Manager has a cross-site scripting vulnerability. Vulnerability Details CVEID: CVE-2014-4801 Description: IBM Rational Quality Manager is vulnerable to cross-site scripting, caused by improper validation of user supplied input. A remote attacker could exploit this vulnerabilit...
Security Bulletin: IBM Security Guardium is affected by Cross-Site Scripting vulnerability (CVE-2016-0246)
Summary IBM Security Guardium is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web...
Security Bulletin: Cross-site Scripting vulnerability in GDS component of IBM® InfoSphere® Master Data Management - Collaborative Edition (CVE-2014-0967)
Summary IBM® InfoSphere® Master Data Management - Collaborative Edition is vulnerable to cross-site scripting that is caused by improper validation of user-supplied input. A remote attacker can use a specially crafted URL to run scripts in a victim's web browser within the security context of the...
Security Bulletin: Vulnerability in Open Source Dojo ToolKit affects IBM Social Media Analytics (CVE-2015-5654)
Summary A Dojo ToolKit vulnerability affecting versions of Dojo prior to 1.2 was addressed by IBM Social Media Analytics. An upgrade to Dojo 1.8 was performed. Vulnerability Details CVEID: CVE-2015-5654 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation...
Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algo One - Algo Risk Application (CVE-2016-0390)
Summary Vulnerability in Web Browser XSS Protection Vulnerability Details CVEID: CVE-2016-0390 DESCRIPTION: IBM Algo One - Algo Risk Application is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a...
Security Bulletin: Vulnerability in Web Browser XSS Protection affects IBM Algo One - Algo Risk Application (CVE-2016-0390)
Summary Web Browser XSS Protection Not Enabled, or is disabled by the configuration of the 'X-XSS-Protection' HTTP response header. Affects Algo Risk Application. Vulnerability Details CVEID: CVE-2016-0390 DESCRIPTION: IBM Algo One - Algo Risk Application is vulnerable to cross-site scripting,...
Security Bulletin: XSS Vulnerabilities in IBM Dojo Toolkit affect WebSphere Service Registry and Repository
Summary The IBM Dojo Toolkit shipped with WebSphere Service Registry and Repository contains files with cross-site scripting vulnerabilities. Vulnerability Details CVEID: CVE-2014-8917 DESCRIPTION: IBM Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) Process Portal (CVE-2015-0106)
Summary IBM Business Process Manager and WebSphere Lombardi Edition are vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web brows...
Security Bulletin: Cross-site scripting vulnerabilities in IBM Business Process Manager (BPM) Process Portal (CVE-2015-0105)
Summary IBM Business Process Manager is vulnerable to cross-site scripting, which is caused by the improper validation of user-supplied input. A remote attacker might exploit this vulnerability using a specially crafted URL to execute a script in a user's web browser within the security context o...
Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) Process Inspector (CVE-2014-6173)
Summary Insufficient user input validation in IBM Business Process Manager's Process Inspector can lead to a cross-site scripting exposure. Vulnerability Details CVE ID: CVE-2014-6173 CVSS Base Score: 3.5 CVSS Temporal Score: See for the current score CVSS Environmental Score: Undefined CVSS...
Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) redirect-login mechanism (CVE-2014-6101)
Summary IBM Business Process Manager uses a mechanism to silently login users who have previously authenticated themselves. This mechanism is vulnerable to cross-site scripting attacks. Vulnerability Details CVE ID: CVE-2014-6101 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-si...
CVE-2018-11690
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the...
CVE-2018-11485
The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce - Orders admin page. The attack is possible by modifying the "referralsite" cookie to have an XSS payload, and...
Foxconn FEMTO AP-FC4064-T Weak Password Vulnerability
The Foxconn FEMTO AP-FC4064-T is a home base station device from Foxconn. A security vulnerability exists in the web administration page of the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 version, which stems from the admin account using a weak default password: admin, and the...
CVE-2018-9112
A low privileged admin account with a weak default password of admin exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15. In addition, its web management page relies on the existence or values of cookies when performing security-critical operations. One can gain privileges b...