CVE-2025-27405 Icinga Web 2 has XSS in embedded content
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...
CVE-2025-27405
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...
CVE-2025-27405
Icinga Web 2 contains a cross-site scripting vulnerability (CVE-2025-27405) where an attacker can craft a URL that, when visited by a user, can embed arbitrary JavaScript and act on behalf of that user. Affected versions are prior to 2.11.5 and 2.12.13; the issue is fixed in 2.11.5 and 2.12.3. As...
CVE-2025-27404 Icinga Web 2 DOM-based XSS vulnerability
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by any user, allows to embed arbitrary Javascript into Icinga Web and to act on behalf of tha...
PT-2025-12970 · Icinga +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by any user, enables the embedding of arbitrary Javascript into...
PT-2025-12941 · Icinga +1 · Icinga Web 2 +1
Name of the Vulnerable Software and Affected Versions: Icinga Web 2 versions prior to 2.11.5 Icinga Web 2 versions prior to 2.12.13 Description: A vulnerability in Icinga Web 2 allows an attacker to craft a URL that, once visited by any user, enables the embedding of arbitrary Javascript into...
PT-2023-27599 · Ibm · Daeja Viewone Virtual +1
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.11 through 3.0.14 with IBM Daeja ViewOne Virtual Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...
PT-2023-21779 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2023-21774 · Ibm · Ibm Planning Analytics Local
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local version 2.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
Discourse Cross-Site Scripting Vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that originates from allowing embedding of Javascript via CSP, leading to user session hijacking. Affected product...
CVE-2022-41735 IBM Business Process Manager cross-site scripting
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2022-43754
CVE-2022-43754 describes an XSS vulnerability in spacewalk/Uyuni within the SUSE Manager Server ecosystem (SUSE Manager Server 4.2 and 4.3). The issue is caused by improper neutralization of input during web page generation, allowing remote attackers to embed Javascript via the path /rhn/audit/sc...
PT-2022-22937 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2022-20207 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2022-22137 · Ibm · Ibm Websphere Application Server
Name of the Vulnerable Software and Affected Versions: IBM WebSphere Application Server versions 7.0 through 9.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a...
Security Bulletin: IBM Jazz for Service Management is vulnerable to stored cross-site scripting (CVE-2021-29815)
Summary IBM Jazz for Service Management is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Vulnerability...
IBM Jazz Foundation Cross-Site Scripting Vulnerability (CNVD-2021-09038)
IBM Jazz Foundation is a next-generation collaboration platform for software delivery technology from International Business Machines Corporation (IBM). IBM Jazz Foundation suffers from a cross-site scripting vulnerability that allows a user to embed arbitrary JavaScript code in the Web UI to chang...
CVE-2020-4681
IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186427...
CVE-2019-4555
IBM Cognos Analytics 11.0 and 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 166204...