
1017 matches found

Prion
added 2017/07/17 2:29 p.m. | 13 views

Cross site scripting

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...

CVSS 3.5 | AI score 5.4 | EPSS 0.01211
Exploits: 0 | References: 3 | Affected Software: 3

CVE
added 2017/07/17 2:0 p.m. | 51 views

CVE-2017-8005

The CVE-2017-8005 entry affects EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA Identity Management and Governance (IMG). Affected are RSA Identity Governance and Lifecycle versions 7.0.1 and 7.0.2 (all patch levels); RSA Via Lifecycle and Governance version 7...

CVSS 5.4 | AI score 5.3 | EPSS 0.01211
Exploits: 0 | References: 3 | Affected Software: 3

Cvelist
added 2017/07/17 2:0 p.m. | 24 views

CVE-2017-8005

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...

AI score 5.4 | EPSS 0.01211
Exploits: 0 | References: 3

OpenVAS
added 2017/06/21 12:0 a.m. | 24 views

Open-Xchange (OX) App Suite Multiple Cross Site Scripting Vulnerabilities (Jun 2017)

Open-Xchange OX App Suite is prone to multiple cross-site scripting (XSS) vulnerabilities. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Thi...

CVSS 6.1 | AI score 6.3 | EPSS 0.01538
Exploits: 0 | References: 2

Packet Storm
added 2017/06/14 12:0 a.m. | 117 views

Google Chrome V8 Private Property Arbitrary Code Execution

// Source: https://github.com/secmob/pwnfest2016/ function exploit function tohexnum return num0.toString16; function intarraytodoubleintarr var uBuf = new Uint32Array2; var dBuf = new Float64ArrayuBuf.buffer; uBuf0=intarr0; uBuf1=intarr1; return dBuf0; function strtodoublestr//leng of str must b...

AI score 0.8 | EPSS 0.11182
Exploits: 2

Prion
added 2017/06/12 7:29 p.m. | 20 views

Input validation

IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756...

CVSS 3.5 | AI score 5.6 | EPSS 0.00869
Exploits: 0 | References: 3 | Affected Software: 2

NVD
added 2017/05/10 2:29 p.m. | 22 views

CVE-2016-6037

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...

CVSS 4.8 | AI score 5.1 | EPSS 0.00599
Exploits: 0 | References: 1

Cvelist
added 2017/05/10 2:0 p.m. | 22 views

CVE-2016-6037

IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A remote attacker with project administrator privileges could send a project that contains malicious HTML code, which when the project is viewed, would be executed in the victim's Web browser within the security context of the hosting...

AI score 5.1 | EPSS 0.00599
Exploits: 0 | References: 1

Hacker One
added 2017/04/14 6:25 p.m. | 53 views

Nextcloud: CSRF token validation is missing

Greetings, Hello Security Team, Summary I know this is a medium risk issue but i want you guys to be aware of it that the CSRF token validation is missing at the time of login on https://portal.nextcloud.com/login.php login page. PoC Code: Email Password Login Now Forgot Password? var tabs = '';...

AI score 0.7
Exploits: 0

OSV
added 2017/04/01 2:59 a.m. | 16 views

CVE-2017-7391

A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 3

NVD
added 2017/03/23 10:59 p.m. | 16 views

CVE-2017-7250

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoinbalance.php' URL. An attacker could execute arbitrary HTML and script code in a...

CVSS 6.1 | AI score 5.9 | EPSS 0.01051
Exploits: 0 | References: 3

Cvelist
added 2017/03/23 10:0 p.m. | 20 views

CVE-2017-7247

Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (torrents, size) passed to the 'Gazelle-master/sections/tools/managers/multiplefreeleech.php' URL. An attacker could execute arbitrary HTML...

AI score 6.1 | EPSS 0.01051
Exploits: 0 | References: 3

Cvelist
added 2017/03/23 10:0 p.m. | 20 views

CVE-2017-7251

A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a...

AI score 5.9 | EPSS 0.0098
Exploits: 0 | References: 2

Cvelist
added 2017/03/21 6:21 a.m. | 18 views

CVE-2017-7204

A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

AI score 5.9 | EPSS 0.00717
Exploits: 1 | References: 2

Cvelist
added 2017/03/20 4:0 p.m. | 22 views

CVE-2016-9696

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM Reference : 1999960...

AI score 5.6 | EPSS 0.00642
Exploits: 0 | References: 2

Exploit DB
added 2017/03/17 12:0 a.m. | 69 views

AXIS Communications - Cross-Site Scripting / Content Injection

0RWELLL4BS security advisory olsa-2015-8258 PGP: 79A6CCC0 @orwelllabs Advisory Information ==================== - Title: ImagePath Resource Injection/Open script editor - Vendor: AXIS Communications - Research and Advisory: Orwelllabs - Class: Improper Input Validation CWE-20 - CVE Name:...

CVSS 7.8 | AI score 7.8 | EPSS 0.08759
Exploits: 6

Prion
added 2017/03/15 12:59 a.m. | 12 views

Authorization

An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

CVSS 4.3 | AI score 6.4 | EPSS 0.00747
Exploits: 0 | References: 2 | Affected Software: 1

Prion
added 2017/03/15 12:59 a.m. | 16 views

Authorization

An issue was discovered in Shimmie = 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

CVSS 4.3 | AI score 6.4 | EPSS 0.00758
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2017/03/15 12:59 a.m. | 16 views

CVE-2017-6906

An issue was discovered in SiberianCMS before 4.10.0. The vulnerability exists due to insufficient filtration of user-supplied data (log) passed to the "SiberianCMS-master/errors/500.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

CVSS 6.1 | AI score 6.4 | EPSS 0.00747
Exploits: 0 | References: 2

NVD
added 2017/03/15 12:59 a.m. | 13 views

CVE-2017-6907

An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data (content) passed to the "Open.GL-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...

CVSS 6.1 | AI score 6.4 | EPSS 0.00743
Exploits: 0 | References: 2