Design/Logic Flaw

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

CVE-2017-15911

The CVE-2017-15911 entry concerns Ignite Realtime Openfire Server prior to 4.1.7, where the Admin Console is vulnerable to cross-site scripting (XSS) via a crafted setup/setup-host-settings.jsp?domain= link. This allows arbitrary client-side JavaScript execution on victims after login, with poten...

GHSA-5J3G-JFQ3-7JWX Arbitrary JavaScript Execution in bassmaster

A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater...

Arbitrary JavaScript Execution in bassmaster

A vulnerability exists in bassmaster = 1.5.1 that allows for an attacker to provide arbitrary JavaScript that is then executed server side via eval. Recommendation Update to bassmaster version 1.5.2 or greater...

antiquariat-vinke.de XSS vulnerability

Vulnerable URL: http://www.antiquariat-vinke.de/flashdetection.swf?flashContentURL=javascript:alert5389 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...

CVE-2017-15284

Cross-Site Scripting exists in OctoberCMS 1.0.425 aka Build 425, allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account...

Cross site scripting

Cross-Site Scripting exists in OctoberCMS 1.0.425 aka Build 425, allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account...

OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting

OctoberCMS 1.0.425 Build 425 - Cross-Site Scripting Exploit Title: OctoberCMS 1.0.425 aka Build 425 Stored XSS Vendor Homepage: https://octobercms.com/ Software Link: https://octobercms.com/download Exploit Author: Ishaq Mohammed https://www.exploit-db.com/author/?a=9086 Contact:...

OctoberCMS 1.0.425 Cross Site Scripting

Exploit Title: OctoberCMS 1.0.425 aka Build 425 Stored XSS Vendor Homepage: https://octobercms.com/ Software Link: https://octobercms.com/download Exploit Author: Ishaq Mohammed https://packetstormsecurity.com/files/author/13150/ Contact: https://twitter.com/securityprince Website:...

CVE-2017-15215

Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...

CVE-2017-1369

IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126862...

CVE-2017-1345

IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126460...

CVE-2017-14957

Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...

CVE-2017-7554

CVE-2017-7554 affects Red Hat Mobile Application Platform (RHMAP) App Studio 4.4, where the App Studio component executes JavaScript provided by a user, enabling stored XSS against an application administrator. The cited Red Hat advisories and related feeds confirm this vulnerability type and imp...

CVE-2015-5181

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript...

WordPress Relevanssi Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Relevanssi is one of the WordPress search function to enhance the plugin. A cross-site scripting vulnerability...

Microsoft SharePoint Server CVE-2017-8629 Remote Privilege Escalation Vulnerability

Description Microsoft SharePoint Server is prone to a remote privilege-escalation vulnerability because it fails to properly sanitize user-supplied input. An attackers may exploit this issue to gain elevated privileges. Successful exploits may aid in further attacks. Technologies Affected Microso...

Cross site scripting

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...

UBUNTU-CVE-2017-12979

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious language name in a code element, in /inc/parser/xhtml.php. An attacker can create or edit a wiki with this element to trigger JavaScript execution...

CVE-2017-12980

DokuWiki through 2017-02-19c has stored XSS when rendering a malicious RSS or Atom feed, in /inc/parser/xhtml.php. An attacker can create or edit a wiki that uses RSS or Atom data from an attacker-controlled server to trigger JavaScript execution. The JavaScript can be in an author field, as...