CVE-2017-5949

Removed by vendor...

macOS : Apple Safari < 10.1 Multiple Vulnerabilities

The version of Apple Safari installed on the remote macOS or Mac OS X host is prior to 10.1. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in WebKit when handling certain JavaScript code. An unauthenticated, remote attacker can exploit this to cause ...

CVE-2017-1120

IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 2000152...

phplist cross-site scripting vulnerability (CNVD-2017-04340)

phplist is an application written in PHP for news management. A cross-site scripting vulnerability exists in phplist, which can be exploited by an attacker to trigger a cross-site scripting attack by writing arbitrary JavaScript code...

CVE-2017-2661

It was found that pcsd was vulnerable to reflected cross-site scripting XSS attacks while handling node names during creation or import of a cluster. An attacker could use this flaw to run javascript code in an authenticated session...

Cross site scripting

IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : C1000264...

Cross site scripting

IBM QRadar 7.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Reference : 1999534...

Code injection

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/showbug.cgi?id=1167489c9 protection mechanism in place, which makes it...

CVE-2017-5928

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/showbug.cgi?id=1167489c9 protection mechanism in place, which makes it...

Apple WebKit 10.0.2 - FrameLoader::clear Universal Cross-Site Scripting

Apple WebKit 10.0.2 - FrameLoader::clear Universal Cross-Site Scripting domWindow; mframe.document-domWindow-resetUnlessSuspendedForDocumentSuspension; mframe.script.clearWindowShellnewDocument-domWindow, mframe.document-pageCacheState == Document::AboutToEnterPageCache; / Apple WebKit: UXSS via...

CVE-2016-6055

IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Referen...

CVE-2016-5902

IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-6096

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-5881

IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-2992

IBM Infosphere BigInsights is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-9704

IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-5948

IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-5980

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVE-2016-6000

IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Cross site scripting

IBM Jazz Reporting Service JRS is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...