Reflected Cross-site Scripting (XSS)
redis-commander is vulnerable to reflected cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through the highlighterId parameter in the web/static/jstree/docs/syntax/clipboard.swf file...
Oracle Financial Services Analytical Application XXE / XSS Vulnerabilities
Exploit for multiple platform in category web applications. The Oracle Financial Services Analytical Application is affected by an XML External Entity (XXE) vulnerability which may lead to disclosing sensitive information. It is also affected by a reflected cross-site scripting (XSS) issue. Vendor...
Cross site scripting
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content...
CVE-2017-15092
A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content...
Moodle cross-site scripting vulnerability (CNVD-2018-02376)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A cross-site scripting vulnerability exists in version 3.x of Moodle. A remote attacke...
Arbitrary Code Execution
mathjs is vulnerable to arbitrary code execution through JavaScript injection. The vulnerability exists because arbitrary methods in Object.prototype can be called through validateSafeMethod...
Skybox Platform Cross-Site Scripting Vulnerability
Skybox Platform is an enterprise-grade network security management platform from US-based Skybox Security. The platform features attack vector analysis, firewall management, vulnerability and threat management, and more. A cross-site scripting vulnerability exists in the title, Comments, or Descripti...
PrestaShop Cross-Site Scripting Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in PrestaShop version 1.7.2.4. A remote...
Cross-site Scripting (XSS)
github.com/koding/koding is vulnerable to cross-site scripting (XSS) attacks. The application does not properly encode the about field in a user's profile, allowing a malicious user to inject and execute arbitrary JavaScript...
CVE-2017-14594
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jqlQuery query parameter...
Symantec ProxySG Cross-Site Scripting Vulnerability
Symantec ProxySG is a security gateway appliance from Symantec USA. A cross-site scripting vulnerability exists in Symantec ProxySG. A remote attacker could exploit this vulnerability by using a specially crafted management console to inject arbitrary JavaScript code into the management console's...
Symantec ASG and ProxySG Cross-Site Scripting Vulnerabilities
Symantec Advanced Secure Gateway (ASG) and ProxySG are both security gateway appliances from Symantec, Inc. The management console is one of their management consoles. A cross-site scripting vulnerability exists in the management console in Symantec ASG and ProxySG. A remote attacker could exploit this...
Cross Site Scripting Vulnerability in PAN-OS GlobalProtect
A vulnerability exists in PAN-OS GlobalProtect when either the gateway or the portal are configured. This issue could allow for a cross-site scripting (XSS) attack. (Ref: PAN-81586 / CVE-2017-15941) Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. Thi...
Cross Site Scripting in PAN-OS Captive Portal
A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting (XSS) attack to be performed against clients viewing the captive portal page when configured in a certain way. (Ref: PAN-85238 / CVE-2017-16878) Successful exploitation of this issue may allow an attacker to...
CVE-2018-3810
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...
content.golfscape.com XSS vulnerability
Open Bug Bounty ID: OBB-467054
Description | Value
---|---
Affected Website: | content.golfscape.com
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: | OWASP XSS Prevention...
Cross site scripting
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692...
CVE-2017-4940
The ESXi Host Client in VMware ESXi 6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting JavaScript, which might get...
IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2018-00664)
IBM iNotes (also known as IBM Lotus iNotes) is a set of Web-based e-mail software from IBM in the United States. The software helps different types of users (online and offline users) to effectively manage business-critical information and collaboration. A cross-site scripting vulnerability exists in...
CVE-2017-1421
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...