The vulnerabilities in the Moodle learning management system allow a hacker to inject arbitrary Web or HTML code.

The multiple vulnerabilities of the Moodle learning management system’s SCORM module exist due to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to inject arbitrary Web or HTML code using a specially created name for the...

The vulnerability of the Business Process Manager system allows a perpetrator to inject arbitrary Web or HTML code.

The vulnerability of the Document List control implementation in the Business Process Manager system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using a specially crafted URL...

Vulnerabilities in the software for Cisco WebEx Meetings Server, which allow attackers to inject arbitrary Web or HTML code

Multiple vulnerabilities in the software for Cisco WebEx Meetings Server exist due to the lack of measures taken to protect the website structure. Exploiting these vulnerabilities allows a malicious actor to inject arbitrary Web or HTML code remotely...

The vulnerability of the Adobe Connect instant messaging program allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of the Adobe Connect instant messaging program exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code using request parameters...

The vulnerability of Microsoft Excel editors allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of Microsoft Excel editors exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code through a specially crafted email message...

The vulnerability of the Adobe Connect instant messaging program allows a hacker to inject arbitrary Web or HTML code.

The vulnerability of the Adobe Connect instant messaging program exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary Web or HTML code remotely...

chromium-browser: use-after-free in Blink

WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted HTML document...

RabbitMQ: /api/... XSS vulnerability

A cross-site scripting vulnerability was discovered in RabbitMQ, which allowed using api/ path info to inject and receive data. A remote attacker could use this flaw to create an "/api/..." URL, forcing a server error that resulted in the server returning an HTML page with embedded text from the...

The vulnerability of the microprogramming software of the Harman AMX multimedia stream management system allows a intruder to gain access to protected information.

The vulnerability of the setUpSubtleUserAccount/bin/bw function in the Harman AMX multimedia stream management software exists due to the rigid encoding of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to protected information...

Microsoft Internet Explorer Spoofing Vulnerability

Microsoft Internet Explorer is a popular web browser introduced by Microsoft and bundled with the Windows operating system. A spoofing vulnerability exists in Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof Web sites via ...

The vulnerability of the Cisco Firepower Extensible Operating System allows a perpetrator to gain access to read the files.

The vulnerability of the Cisco Firepower Extensible Operating System is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to files through a specially crafted HTTP request...

The vulnerability of the Internet Explorer browser, which allows a hacker to bypass the protection against cross-site scripting attacks

The vulnerability of the Internet Explorer browser is caused by errors in the processing of HTTP responses. Exploiting this vulnerability allows a malicious actor to bypass security measures against cross-site scripting attacks from a remote location...

Unspecified Vulnerability in Oracle E-Business Suite Oracle CRM Technical Foundation CRM HTML Administration Component

Oracle E-Business Suite is a new generation of e-business suite from Oracle. An unspecified security vulnerability exists in the Oracle E-Business Suite Oracle CRM Technical Foundation CRM HTML Administration component, which could be exploited by remote attackers to submit a special request to...

UBUNTU-CVE-2015-7519

agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, when used in Apache integration mode or in standalone mode without a filtering proxy, allows remote attackers to spoof headers passed to applications by using an underscore character instead of a -...

markdown-it and NodeBB HTML Injection Vulnerabilities

markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...

TheHostingTool HTML Injection Vulnerability

TheHostingTool is a set of open source free PHP-based hosting applications. TheHostingTool suffers from an HTML injection vulnerability. An attacker can exploit the vulnerability to execute arbitrary HTML or JavaScript code in the context of an affected site...

The vulnerability of the Firefox browser, which allows a violator to trigger a service failure

The vulnerability of the Firefox browser’s HTTP/2 implementation arises from the loss of a significant number of bits. Exploiting this vulnerability allows an attacker to cause a service failure remotely by triggering a “Assertion failure” error message and a premature termination of the service...

The vulnerability of the Firefox browser, which allows a violator to trigger a service failure

The vulnerability in the implementation of the HTTP/2 protocol in Firefox browsers arises from the loss of precision in calculations. Exploiting this vulnerability allows a malicious actor to cause a service failure—the appearance of an error message indicating “Assertion failure” or an emergency...

Belkin N150 Wireless Home Router HTML Injection Vulnerability

Belkin N150 Wireless Home is a wireless router product from Belkin USA. An HTML injection vulnerability exists in the Belkin N150 Wireless Home Router, which can be exploited by an attacker to execute arbitrary HTML...

Let's PHP! p++BBS HTML Injection Vulnerability

Let's PHP! p++BBS is a bulletin board system. Let's PHP! p++BBS suffers from an HTML injection vulnerability that can be exploited by remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user sessions when malicious data is viewed...