5006 matches found
IBM Rational Collaborative Lifecycle Management and Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-11424)
IBM Rational Collaborative Lifecycle Management CLM and Rational Quality Manager RQM are both products of the U.S. company IBM. The former is a collaborative lifecycle management solution, the latter is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability...
CVE-2017-9451
Cross site scripting XSS vulnerability in pages.editform.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATHINFO in an acp.php URL, due to use of unsanitized $SERVER'PHPSELF' to generate URLs...
IBM Rational DOORS Next Generation Station Scripting Vulnerability (CNVD-2017-08547)
IBM Rational DOORS Next Generation DNS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently and share unified user, server and project...
CVE-2017-9420
Cross site scripting XSS vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter...
Contiki Operating System cc26xx-web-demo Cross-Site Scripting Vulnerability
Contiki Operating System is a small, open source, extremely portable multitasking operating system. cc26xx-web-demo is the application used to connect to cloud services. A cross-site scripting vulnerability exists in the MQTT/IBM Cloud Config page a.k.a. mqtt.html of cc26xx-web-demo in the Contik...
Storage-based Cross-site Scripting Vulnerability in Zibo Shining Network Technology Co. Ltd.'s Flash Website Building System
Flash CMS is a flash website system developed by Zibo Flash Network Technology Co. There is a stored cross-site scripting vulnerability in the flash CMS of Zibo Shining Network Technology Co. Attackers can use this vulnerability to insert malicious js code in the page, obtain user cookies and oth...
F5 BIG-IP APM Cross-Site Scripting Vulnerability
The F5 BIG-IP is a load balancer that uses a variety of distribution algorithms to distribute network requests to available servers in a server cluster, enabling network visitors to have the best possible networking experience by managing incoming Web data traffic and increasing effective network...
CVE-2016-9257
In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to...
Cross-site Scripting (XSS)
github.com/gogits/gogs is vulnerable cross-site scripting XSS attacks. The library does not sanitize its user input, allowing a malicious user to inject and execute arbitrary JavaScript...
Cross-Site Scripting in PAN-OS
A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-70674 / CVE-2017-7409 Successful exploitation of this issue may allow an attacker to inject arbitrar...
CVE-2016-3031
IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1998887...
CVE-2016-8935
IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...
Mail.ru: Stored XSS in e.mail.ru (payload affect multiple users)
Hi, We have found a high risk level STORED XSS in e.mail.ru chat, the status change function allow to inject malicious payload in javascript & HTML, The attack affect multiple users and run in auto mode, no need a user interaction. Vulnerability affect any user that have been invited to your chat...
Shimmie Cross-Site Scripting Vulnerability
Shimmie is a danbooru style image board that is easy to install, run and extend. Shimmie suffers from a cross-site scripting vulnerability that arises due to a failure to effectively filter user-submitted data, allowing an attacker to plant arbitrary JavaScript code on the target website to obtai...
Unspecified Cross-Site Scripting Vulnerability in SAP BusinessObjects Web Intelligence
SAP BusinessObjects Germany SAP SAP company developed a provide a variety of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. An unspecified cross-site scripting vulnerability exists in SAP...
IBM WebSphere Portal Cross-Site Scripting Vulnerability
IBM WebSphere Portal is a set of enterprise portal software developed by IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting...
Stored Cross-Site Scripting Vulnerability in DuoDuoRebate.com System Tag Parameters
DuoDuo rebate system is for e-commerce rebate, shopping guide to provide solutions, is the open source PHP rebate site system. DuoDuo rebate website system V8.3UTF8 official version February 10, 2017 there are stored cross-site scripting vulnerabilities. Due to the tag parameter failed to filter ...
CVE-2017-6799
A cross-site scripting XSS vulnerability in viewfilterspage.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'viewtype' parameter...
CVE-2017-6799
A cross-site scripting XSS vulnerability in viewfilterspage.php in MantisBT before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'viewtype' parameter...
CVE-2017-6797
A cross-site scripting XSS vulnerability in bugchangestatuspage.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'actiontype' parameter...