
5006 matches found

CNVD
added 2017/10/26 12:0 a.m. | 3 views

IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2017-32842)

IBM Rational Team Concert (RTC) is a Jazz-based software lifecycle management solution from IBM (U.S.) that supports real-time collaboration for decentralized teams. A cross-site scripting vulnerability exists in IBM RTC versions 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0...

5.4 CVSS | 5.5 AI score | 0.0025 EPSS
Exploits 0 | References 1

Openbugbounty
added 2017/10/25 8:9 p.m. | 13 views

cpmstar.com XSS vulnerability

Open Bug Bounty ID: OBB-367745
Affected Website: cpmstar.com
Vulnerable Application: Custom Code
Vulnerability Type: XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide: OWASP XSS Prevention Cheat Sheet...

6.4 AI score
Exploits 0

CNVD
added 2017/10/25 12:0 a.m. | 2 views

IBM Daeja ViewONE Cross-Site Scripting Vulnerability (CNVD-2017-34484)

IBM Daeja ViewONE is a document viewer from IBM that supports TIFF, PDF and Office-based documents. IBM Daeja ViewONE Virtual, Daeja ViewONE Standard and Daeja ViewONE Professional are different versions...

7.5 CVSS | 6.5 AI score | 0.00258 EPSS
Exploits 0 | References 1

CNVD
added 2017/10/20 12:0 a.m. | 9 views

Rate Me Cross-Site Scripting Vulnerability

Rate Me is a rating script written in PHP. A cross-site scripting vulnerability exists in the rate-me.php file in Rate Me version 1.0. A remote attacker can exploit this vulnerability to inject JavaScript code...

6.1 CVSS | 6.3 AI score | 0.00234 EPSS
Exploits 1 | References 1

CNVD
added 2017/10/19 12:0 a.m. | 2 views

Juniper Junos Space HTML Injection Vulnerability

Juniper Junos Space is a network management solution from Juniper Networks. The solution supports automated configuration, monitoring and troubleshooting of devices and services throughout their lifecycle. An HTML injection vulnerability exists in Juniper Junos Space versions prior to 17.1R1. A...

8 CVSS | 8 AI score | 0.00391 EPSS
Exploits 0 | References 1

NVD
added 2017/10/17 8:29 p.m. | 11 views

CVE-2017-15538

Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes/class.ilMediaItem.php...

5.4 CVSS | 5.3 AI score | 0.00433 EPSS
Exploits 0 | References 5

CNVD
added 2017/10/16 12:0 a.m. | 2 views

Atlassian FishEye and Crucible Cross-Site Scripting Vulnerabilities

Atlassian FishEye and Crucible are both products of the Australian company Atlassian. FishEye is a suite of software for deep viewing of source code repositories, and Crucible is a suite of code review tools. A cross-site scripting vulnerability exists in the administration user deletion resource ...

5.4 CVSS | 5.4 AI score | 0.00196 EPSS
Exploits 0 | References 1

Openbugbounty
added 2017/10/12 10:23 p.m. | 10 views

austinschools.org XSS vulnerability

Vulnerable URL: http://www.austinschools.org/it/flashdetection.swf?flashContentURL=javascript:alert1
Details:
Patched: Verification in progress
Latest check for patch: 11.01.2018
Vulnerability type: XSS
Vulnerability status: Publicly disclosed
Alexa Rank: 1164964
VI...

6.3 AI score
Exploits 0

Veracode
added 2017/10/12 9:24 a.m. | 13 views

Cross-site Scripting (XSS)

loofah is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize nested script tags, allowing a malicious user to inject and execute arbitrary JavaScript...

6.1 AI score
Exploits 0

NVD
added 2017/10/11 1:32 a.m. | 11 views

CVE-2017-15214

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...

5.4 CVSS | 5.5 AI score | 0.00638 EPSS
Exploits 0 | References 3

OSV
added 2017/10/11 1:32 a.m. | 10 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1 CVSS | 6.2 AI score
Exploits 0 | References 3

NVD
added 2017/10/11 1:32 a.m. | 10 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1 CVSS | 6.2 AI score | 0.01038 EPSS
Exploits 0 | References 3

OSV
added 2017/10/11 1:32 a.m. | 11 views

CVE-2017-15213

Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the realname or emailaddress field to themes/CleanFS/templates/common.editallusers.tpl...

5.4 CVSS | 5.8 AI score
Exploits 0 | References 3

OSV
added 2017/10/11 1:32 a.m. | 11 views

CVE-2017-15214

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...

5.4 CVSS | 6.1 AI score
Exploits 0 | References 3

Prion
added 2017/10/11 1:32 a.m. | 8 views

Cross site scripting

Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...

3.5 CVSS | 5.5 AI score | 0.00638 EPSS
Exploits 0 | References 3 | Affected Software 1

UbuntuCve
added 2017/10/11 1:32 a.m. | 19 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.1 CVSS | 6.5 AI score | 0.01038 EPSS
Exploits 0 | References 4

CNVD
added 2017/10/11 12:0 a.m. | 2 views

Flyspray Stored Cross-Site Scripting Vulnerability

Flyspray is a lightweight, web-based, bug tracking system written in PHP to assist in software development and project management. Flyspray suffers from a stored cross-site scripting vulnerability, which allows an authenticated user to gain administrator privileges by injecting JavaScript via the...

5.4 CVSS | 5.5 AI score | 0.00638 EPSS
Exploits 0 | References 1

CNVD
added 2017/10/11 12:0 a.m. | 3 views

dotCMS Stored Cross-Site Scripting Vulnerability

dotCMS is a content management system (CMS) from the U.S. company dotCMS. The system supports RSS feeds, blogs, forums and other modules, and is easy to extend and build features. A cross-site scripting vulnerability exists in the vanity-urls Title field in dotCMS version 4.1.1, which originat...

5.4 CVSS | 5.3 AI score | 0.00193 EPSS
Exploits 1 | References 1

Cvelist
added 2017/10/10 5:0 a.m. | 10 views

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

6.2 AI score | 0.01038 EPSS
Exploits 0 | References 3

CNVD
added 2017/10/10 12:0 a.m. | 2 views

Magento E-Commerce Platform Cross-Site Scripting Vulnerability

Magento E-Commerce Platform is an open source PHP e-commerce system from the U.S. company Magento. The system provides rights management, search engines, payment gateways and other functions. A cross-site scripting vulnerability exists in Magento E-Commerce Platform version 1.9.0.1. ...

6.1 CVSS | 6.2 AI score | 0.00073 EPSS
Exploits 1 | References 1