128 matches found
CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...
Design/Logic Flaw
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...
CVE-2020-3955
CVE-2020-3955 affects VMware ESXi 6.5 and 6.7 via a stored XSS in the ESXi Host Client when viewing virtual machine attributes. The underlying issue is improper neutralization of script-related HTML, allowing an authenticated attacker who can modify VM properties (e.g., hostname) to inject script...
CVE-2018-9079 Iomega and LenovoEMC NAS Web UI Vulnerabilities
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. In addition, adversaries can inject HTML script tags and HTML tags with JavaScript handlers to execute arbitrary JavaScript with the...
CVE-2017-16043
Shout is an IRC client. Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3...
Command injection
Shout is an IRC client. Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3...
AXON PBX 2.02 Cross Site Scripting
Aloha, 1. Introduction Vendor: NCH Software Affected Product: AXON PBX - 2.02 Vendor Website: http://www.nch.com.au/pbx/index.html Vulnerability Type: Reflected XSS Remote Exploitable: Yes CVE ID: CVE-2018-11552 2. Overview There is a reflected XSS vulnerability in AXON PBX Web interface. The...
Cross site scripting
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser via a pag...
CVE-2018-10371
An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows arbitrary HTML/script code to be executed in a victim's web browser via a pag...
CVE-2018-8831
A persistent XSS vulnerability exists in Kodi (formerly XBMC) through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist...
Catalyst Mahara Stored Cross-Site Scripting Vulnerability
Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A stored cross-site scripting vulnerability exists in Catalyst Mahara versions 1.9 before 1.9.6, 1.10 before 1.10.4, and 15.04 before 15.04.1. A remot...
TeamPass Cross-Site Scripting Vulnerability (CNVD-2017-30335)
TeamPass is a dedicated password manager for Apache, MySQL and PHP. A cross-site scripting vulnerability exists in versions prior to TeamPass 2.1.27.9 that stems from the program failing to adequately filter data. A remote attacker can exploit this vulnerability to execute arbitrary HTML or scrip...
Cross-site Scripting (XSS)
Moodle is vulnerable to cross-site scripting (XSS) attacks. The library does not properly filter user input to the quiz_question_tostring function in mod/quiz/editlib.php, allowing a malicious user to inject and execute arbitrary HTML script...
XSS in Error Page - ownCloud
An attacker can inject HTML script code into an error message. Affected Software: ownCloud Server 10.0.2 (CVE-2017-8896), ownCloud Server 9.1.6 (CVE-2017-8896), ownCloud Server 9.0.10 (CVE-2017-8896), ownCloud Server 8.2.12 (CVE-2017-8896). Action Taken: Escape output. Acknowledgements: The ownCloud team thanks the...
DEBIAN-CVE-2017-7203
A Cross-Site Scripting (XSS) issue was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and scrip...
CVE-2017-6486
A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a...
WonderCMS 0.9.8 Cross Site Scripting
============================================= MGC ALERT 2016-006 - Original release date: Nov 16, 2016 - Last revised: Nov 21, 2016 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY -------------------------...
Infor CRM 8.2.0.1136 Cross Site Scripting
Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities. Vendor: Infor. Product web page: http://www.infor.com. Affected version: 8.2.0.1136. Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer relationship management (CRM) solution that provides a complete view of...