CVE-2017-4926

VMware vCenter Server 6.5 prior to 6.5 U1 contains a vulnerability that may allow for stored cross-site scripting XSS. An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page...

Advanced Man In The Middle Framework: Xerosploit

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for penetration testing purposes. It brings various modules together that will help you perform very efficient attacks. You can also use it to perform denial of service attacks and port scanning. Powere...

Command injection

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell...

Cross-site Scripting (XSS)

automattic/jetpack is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript through the modules/shortcodes/polldaddy.php file as it does not properly sanitize the uniqueid parameter...

Apache OFBiz JavaScript Code Injection Vulnerability

Apache OFBiz is an enterprise resource planning system from the Apache Software Foundation in the United States. A security vulnerability in the Apache OFBiz processing form field allows remote attackers to exploit the vulnerability to submit a special request and execute arbitrary JavaScript cod...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

Default configuration

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

IBM Sametime Cross-Site Scripting Vulnerability (CNVD-2017-27544)

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A cross-site scripting vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. A remo...

CVE-2016-2975

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935...

IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-25505)

IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Curam SPM. A remote attacker can exploit this vulnerability to inject...

IBM Sametime Meetings Server Arbitrary Code Execution Vulnerability (CNVD-2017-26377)

IBM Sametime is a set of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data, and video.Sametime Meeting Server is one of the Web conferencing components used in Sametime chat and...

Atlassian Crucible Cross-Site Scripting Vulnerability

Atlassian Crucible is a suite of code review tools from Atlassian Australia. The tool provides a review process for reviewing code, discussing changes, sharing knowledge, and identifying defects. review dashboard resource is one of the dashboard repositories. A cross-site scripting vulnerability...

Atlassian FishEye repository changelog resource cross-site scripting vulnerability

Atlassian FishEye is a suite of source code repository deep view software from Atlassian Australia. The software provides navigation, search, historical reporting and change analysis. repository changelog resource is one of the updated repositories. A cross-site scripting vulnerability exists in...

CVE-2017-9507

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the review filter title parameter...

CVE-2017-9509

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the charset of a previously uploaded file...

CVE-2017-9508

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

Cross-Site Scripting Vulnerability in Mythos™ Documentation Management System

Mythos™ Document Management System is a library management reference platform with a professional database as the backend data storage on Windows or UNIX/Linux platform. A cross-site scripting vulnerability exists in the Mythic™ document management system, which can be exploited by remote attacke...