1017 matches found
CVE-2017-0912
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...
Cross site scripting
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...
CVE-2017-0912
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling...
Cross-site Scripting (XSS)
oauth2orize-fprm is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of encoding of values in parameters, allowing arbitrary html code to be executed when rendered...
Nagios Fusion < 4.1.4 Multiple XSS Vulnerabilities
Nagios Fusion is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross site scripting
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
Cross site scripting
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
CVE-2018-0357
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
Cross site scripting
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
CVE-2018-0356
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
CVE-2018-0357
A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are...
Cross-site Scripting (XSS)
cucumber is vulnerable to cross-site scripting XSS attacks. The HTML formatter appends any scenario output without sanitization, allowing a malicious user to inject and execute arbitrary HTML code...
Node.js third-party modules: [markdown-pdf] Local file reading
I would like to report local file reading in markdown-pdf It allows to insert a malicious html code, which allows to read the local files. Module module name: markdown-pdf version: 8.1.1 npm page: https://www.npmjs.com/package/markdown-pdf Module Description Node module that converts Markdown fil...
CVE-2017-3961
Cross-Site Scripting XSS vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes...
Cross site scripting
Cross-Site Scripting XSS vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes...
CVE-2017-3961 SB10192 - Network Security Management (NSM) - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via crafted user input of attributes...
Cross site scripting
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...
Cross site scripting
A vulnerability in the web framework of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
CVE-2018-0327
A vulnerability in the web framework of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain...
Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient...