Cross-site Scripting (XSS)

primefaces is vulnerable to cross-site scripting XSS attacks. The application does not sanitize the MenuItem variable, allowing a malicious user to inject and execute arbitrary Javascript...

Grab: [growth.grab.com] Reflected XSS via Base64-encoded "q" param on "my.html" Valentine's microsite

Hi, An encoded injection in the q parameter on my.html can be used to reflect JavaScript in the growth.grab.com context. This microsite creates a "Grab's Valentine" card for a driver over the past year, and carries its data in Base64 format. Proof of concept Please visit the following URL, scroll...

Invoice Plane Cross-Site Scripting Vulnerability (CNVD-2018-04555)

InvoicePlane is an open source financial system. The system has features to manage quotes, invoices and payments. A cross-site scripting vulnerability exists in the client email field in InvoicePlane 1.5.4 and prior versions. A remote attacker can exploit this vulnerability to execute JavaScript...

Mautic Cross-Site Scripting Vulnerability

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in Company name in Mautic 2.11.0 and earlier versions. A remote attacker can exploit this vulnerability to...

Dolibarr cross-site scripting vulnerability (CNVD-2018-04561)

Dolibarr is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, etc. Product details is one of the product details module. A cross-site scriptin...

CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

Cross site scripting

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

CVE-2017-16356

Reflected XSS in Kubik-Rubik SIGE aka Simple Image Gallery Extended before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/pluginsige/print.php link with a crafted img, name, or caption parameter...

F-Secure Radar Cross Site Scripting

F-Secure Radar Persistent Cross-Site Scripting Vulnerability CVE-2018-6189 https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6189 Summary The application can suggest metadata tags for assets, and in doing so it can execute JavaScript entered previously by a malicious user. Vendor Description...

UBUNTU-CVE-2017-1000509

Dolibarr version 6.0.2 contains a Cross Site Scripting XSS vulnerability in Product details that can result in execution of javascript code...

CVE-2017-1000507

Canvs Canvas 3.4.2 is affected by a Cross Site Scripting (XSS) vulnerability in User’s details. The provided connected documents identify the issue but do not specify root cause details, affected subcomponents beyond the User’s details, exploit status, or a confirmed patch version. Potential impa...

CVE-2018-1401

IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 138437...

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

CVE-2017-14522

In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. NOTE: the vendor disputes this issue stating that this is a feature that enables only a logged in administrator to write execute JavaScript anywhere on their website...

PT-2018-5678 · Wondercms · Wondercms

Name of the Vulnerable Software and Affected Versions: WonderCMS version 2.3.1 Description: The application's input fields accept arbitrary user input, resulting in the execution of malicious JavaScript. It is noted that the vendor disputes this issue, stating it is a feature that enables only a...

PT-2018-5948 · Ibm · Ibm Doors Web Access

Name of the Vulnerable Software and Affected Versions: IBM Doors Web Access versions 9.5 through 9.6 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted session...

WordPress Soundy Audio Playlist Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers.Soundy Audio Playlist plugin is an audio playlist component used in ... A cross-site scripting vulnerability exists in WordPress Soun...

Cross site scripting

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

UBUNTU-CVE-2017-12098

An exploitable cross site scripting XSS vulnerability exists in the add filter functionality of the railsadmin rails gem version 1.2.0. A specially crafted URL can cause an XSS flaw resulting in an attacker being able to execute arbitrary javascript on the victim's browser. An attacker can phish ...

Sulu-standard cross-site scripting vulnerability

Sulu-standard is an open source CMS Content Management System based on the Symfony PHP framework of the standard version . A cross-site scripting vulnerability exists in the page used to create pages in Sulu-standard version 1.6.6. A remote attacker could exploit this vulnerability to cause a...