4739 matches found
CVE-2020-4663
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
Cross site scripting
IBM Engineering Requirements Quality Assistant On-Premises is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2020-4666
CVE-2020-4666 affects IBM Engineering Requirements Quality Assistant On-Premises. The vulnerability is a cross-site scripting flaw in the Web UI that could let an attacker embed arbitrary JavaScript in the UI, potentially altering functionality and disclosing credentials within a trusted session....
IBM Emptoris Contract Management Cross-Site Scripting Vulnerability (CNVD-2021-01992)
IBM Emptoris Contract Management is a web-based contract management software for managing and maintaining legal contracts between parties. A cross-site scripting vulnerability exists in IBM Emptoris Contract Management 10.1.3. An attacker can exploit this vulnerability to embed arbitrary JavaScri...
Security Bulletin: Multiple vulnerabilities affect IBM Jazz Foundation and IBM Engineering products.
Summary: There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Lifecycle Optimization - Engineeri...
CVE-2020-4892
IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190979...
Cross site scripting
Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Unisphere for PowerMax versions prior to 9.0.2.16, and Dell EMC PowerMax OS 5978.221.221 and 5978.479.479 contain a Cross-Site Scripting (XSS) vulnerability. An authenticated malicious user may potentially exploit this vulnerabilit...
Cross site scripting
Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability. A remote authenticated malicious user with low privileges could exploit this vulnerability to store malicious HTML or JavaScript code under the device tag. When victim users access the submitted...
CVE-2020-26297
mdBook is a utility to create modern online books from Markdown files and is written in Rust. In mdBook before version 0.4.5, there is a vulnerability affecting the search feature of mdBook, which could allow an attacker to execute arbitrary JavaScript code on the page. The search feature of mdBo...
Cross site scripting
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274...
CVE-2020-4910
IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191274...
Code injection
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...
CVE-2020-28464 Remote Code Execution (RCE)
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine...
Korzio Djv Command Injection Vulnerability
Korzio Djv is a JavaScript-based tool from the individual developer Korzio, used to dynamically validate the JSON data format. A command injection vulnerability exists in versions prior to djv 2.1.4, which stems from the lack of proper validation of client-side data by the web application. An attack...
MTN Group: Reflected XSS on gamesclub.mtn.com.g
hello dear I have found Reflected XSS on gamesclub.mtn.com.g parameters injectable /header.aspx my payload "; HTTP Header input Referer was set to https://www.google.com/search?hl=en&q=testing'"&%gQmT9082 HTTP request =========== GET /header.aspx HTTP/1.1 Host: gamesclub.mtn.com.gh...
CVE-2020-25799
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser...
Cross site scripting
LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey page. When the survey quota is being viewed, e.g. by an administrative user, the JavaScript code will be executed in the browser...
CVE-2020-5809
A stored XSS vulnerability exists in Umbraco CMS = 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS...
CVE-2020-4988
Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706...
IBM Content Navigator and IBM FileNet Content Manager Cross-Site Scripting Vulnerability
IBM Content Navigator and IBM FileNet Content Manager are both products of IBM Corporation in the U.S. IBM Content Navigator is a Web client. The product supports searching and processing documents stored in the content server from a Web browser. IBM FileNet Content Manager is a content management...