5053 matches found
The vulnerability of the IBM WebSphere Portal software arises from the lack of measures taken to protect the structure of the web page. This allows attackers to disclose user credentials during a secure session.
The vulnerability of the IBM WebSphere Portal software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor to gain access to user credentials during a secure session, thereby allowing the insertion of arbitra...
CVE-2018-5411
Pixar's Tractor software, versions 2.2 and earlier, contains a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. The stored information is displayed when a user requests information about the node. An attacker could insert JavaScript into...
Cross-Site Scripting (XSS)
dnn.platform is vulnerable to cross-site scripting. The return URL is not sanitized, which allows remote attackers to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...
CVE-2018-0716
Cross-site scripting vulnerability in QTS 4.2.6 build 20180711, QTS 4.3.3: Qsync Central 3.0.2, QTS 4.3.4: Qsync Central 3.0.3, QTS 4.3.5: Qsync Central 3.0.4 and earlier versions could allow remote attackers to inject JavaScript code in the compromised application...
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2018-24367)
IBM Rational Collaborative Lifecycle Management (CLM) and others are products of IBM Corporation in the U.S.A. IBM Rational Collaborative Lifecycle Management is a set of collaborative lifecycle management solutions. Rational IBM Rational Collaborative Lifecycle Management CLM is a collaborative...
QNAP QTS Cross-Site Scripting Vulnerability (CNVD-2018-24263)
QNAP QTS is a Turbo NAS operating system from QNAP Systems. The system provides file storage, management, backup, multimedia applications and security monitoring. A cross-site scripting vulnerability exists in QNAP QTS version 4.2.6 build 20180711 and earlier, 4.3.3 build 20180725 and earlier, an...
CVE-2018-0719
Cross-site scripting (XSS) vulnerability in NAS devices of QNAP Systems Inc. QTS allows attackers to inject JavaScript. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions ...
CVE-2018-12241
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks ...
Cross-site Scripting (XSS)
bootstrap-datepicker is vulnerable to a cross-site scripting (XSS) attack. The library does not properly handle the jQuery for the date container, allowing a malicious user to inject arbitrary JavaScript...
Cross-Site Scripting (XSS)
validator is vulnerable to cross-site scripting. A remote attacker is able to bypass XSS filters via nested forbidden strings to inject arbitrary JavaScript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user...
The vulnerability of the login page of the GlobalProtect firewall’s web interface allows a hacker to inject arbitrary JavaScript or HTML code.
The vulnerability of the login page of the GlobalProtect web interface in the PAN-OS operating system arises from insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code...
Cross-site Scripting (XSS)
notebook is vulnerable to a cross-site scripting (XSS) attack. The library does not properly sanitize URLs passed through a directory name, allowing a malicious user to inject and execute arbitrary JavaScript...
Cross-Site Scripting (XSS)
flowplayer is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the callback parameter in the Flash fallback feature, allowing the attacker to steal session tokens or perform unwanted actions on behalf of the user. This...
Cross-Site Scripting (XSS)
Plupload is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the id parameter to steal session tokens or perform unwanted actions on behalf of the user...
Cross-Site Scripting (XSS)
DotNetNuke.Core is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary JavaScript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user via the dnnVariable parameter to the default URI...
Cross site scripting
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon successful login...
CVE-2018-14655
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon successful login...
keycloak: XSS-Vulnerability with response_mode=form_post
A flaw was found in Keycloak 3.4.3.Final, 4.0.0.Beta2, 4.3.0.Final. When using 'response_mode=form_post' it is possible to inject arbitrary JavaScript code via the 'state' parameter in the authentication URL. This allows an XSS attack upon successful login...
Khan Academy: Cross site scripting (content-sniffing)
Your website may be vulnerable to cross site scripting attacks. HTTP request: GET...