IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33349)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33353)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33346)

IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

CVE-2017-9537

SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...

CVE-2017-14957

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...

CVE-2017-14957

CVE-2017-14957 is a stored XSS vulnerability in BlogoText prior to 3.7.6. The attack path is through a comment in inc/conv.php, allowing an unauthenticated attacker to inject JavaScript. If the victim is an administrator, the attacker can alter global settings or create/delete posts; it can also ...

Cross site scripting

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30082)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

Tine 2.0 Stored Cross-Site Scripting Vulnerability

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which can be exploited by authenticated users to inject JavaScript...

Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30081)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

eGroupWare Stored Cross-Site Scripting Vulnerability

eGroupWare is a multi-user, WEB-based workware suite developed on the basis of customization sets on a PHP-based API. A stored cross-site scripting vulnerability exists in eGroupWare, which allows remote attackers to inject JavaScript via the User-Agent HTTP header which is incorrectly handled...

CVE-2017-14922

CVE-2017-14922 describes a stored XSS in Tine 2.0 Community Edition prior to 2017.08.4. An authenticated user can inject JavaScript via an IMG element in History views (Profile, Calendar, Tasks, CRM); the payload is mishandled during rendering by admins and other users. The affected software is T...

CVE-2017-14923

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

Cross-Site Scripting (XSS)

Pypeline is vulnerable to cross-site scriptingXSS attacks. The Python library allows the passing of Javascript to the Markup processor...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34480)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34482)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

IBM Business Process Manager Cross-Site Scripting Vulnerability

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

Stored Cross-Site Scripting Vulnerability in the YoYo Housing App

YouYouGoodHouse app is a rental app created by Chengdu GoodHouse Technology Co. A stored cross-site scripting vulnerability exists in the "About Us" section of the YouYouHaoRooms app. An attacker can insert malicious js code into the page to obtain user cookies and other information, resulting in...

CVE-2017-14615

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

Design/Logic Flaw

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...