5006 matches found
CVE-2017-1546
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2017-11507
A cross-site scripting (XSS) vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...
Samsung Internet Browser SOP Bypass
This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up. Thi...
IBM Sterling File Gateway Cross-Site Scripting Vulnerability
IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A cross-site scripting vulnerability exists in IBM Sterling...
Ubiquiti Inc.: Stored XSS => community.ubnt.com
Due to an error in the user input validation process, it was possible to create posts in some forums on community.ubnt.com with arbitrary HTML code; a specially crafted message could inject JavaScript code on the page, resulting in stored XSS. A stored XSS issue was discovered in ubnt Community...
IBM DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-38359)
IBM Rational DOORS Next Generation (DNG/RRC) is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...
Cross-site Scripting (XSS)
Concrete5 is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through parameters in the conversation editor...
IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37832)
IBM Rational DOORS Next Generation (DNG) and Rational Requirements Composer (RRC) are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...
IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-37834)
IBM Rational DOORS Next Generation (DNG) and Rational Requirements Composer (RRC) are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IB...
UBUNTU-CVE-2017-7840
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...
CVE-2017-7840
JavaScript can be injected into an exported bookmarks file by placing JavaScript code into user-supplied tags in saved bookmarks. If the resulting exported HTML file is later opened in a browser this JavaScript will be executed. This could be used in social engineering and self-cross-site-scripti...
Home Assistant Cross-Site Scripting Vulnerability
Home Assistant is an open source platform for automated management of home network devices. A cross-site scripting vulnerability exists in versions of Home Assistant prior to 0.57. A remote attacker can exploit this vulnerability to inject JavaScript code via specially crafted Markdown text...
CVE-2017-16782
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
CVE-2017-16782
CVE-2017-16782 affects Home Assistant prior to 0.57. It is a cross-site scripting (XSS) vulnerability in the persistent notification rendering, where crafted Markdown text can inject JavaScript. The root cause is improper sanitization in Markdown rendering for notifications, enabling arbitrary sc...
CVE-2017-16782
In Home Assistant before 0.57, it is possible to inject JavaScript code into a persistent notification via crafted Markdown text, aka XSS...
Cross-site Scripting (XSS)
swagger-ui is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize href links, allowing a malicious user to inject and execute arbitrary JavaScript through these links...
IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2017-34427)
IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...
IBM OpenPages GRC Platform Cross-Site Scripting Vulnerability (CNVD-2017-34429)
IBM OpenPages GRC Platform is a suite of platforms for managing enterprise risk and compliance from IBM in the United States. The platform provides a set of core services and functional components that cover the risk and compliance domain including operational risk, policy and compliance, financi...
CVE-2017-1000144
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and JavaScript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages...
IBM Rational DOORS Next Generation Cross-Site Scripting Vulnerability
IBM Rational DOORS Next Generation (RDNG) is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM in the United States. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers...