4999 matches found
CVE-2018-5405
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of oth...
Design/Logic Flaw
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of oth...
CVE-2018-5405
CVE-2018-5405 affects Quest Kace K1000 Appliance (SMA) versions prior to 9.0.270. An authenticated, least-privileged user with ‘User Console Only’ rights can inject arbitrary JavaScript on the tickets page due to insufficient input neutralization, enabling potential session cookie theft and takeov...
CVE-2018-5405 The Quest Kace K1000 Appliance is vulnerable to JavaScript injection.
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of oth...
CVE-2019-10325
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed an attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages...
Design/Logic Flaw
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...
CVE-2017-11560
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...
CVE-2017-11560
CVE-2017-11560 affects ZOHO ManageEngine OpManager 12.2. An authenticated user can upload an HTML file via a Google Map integration, which is then rendered in multiple locations and can execute JavaScript in the application. This creates a potential cross-site scripting path through the uploaded ...
CVE-2019-4011
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885...
Cross site scripting
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...
CVE-2019-6514
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...
CVE-2019-11812
CVE-2019-11812 is a persistent XSS in MISP prior to 2.4.107. The vulnerability is in the PHP component app/View/Helper/CommandHelper.php, where JavaScript can be injected via the discussion interface and triggered by clicking a link. Affected product/version: MISP (before 2.4.107). Root cause is ...
Cross Site Scripting (XSS) in Demisto
A cross-site scripting (XSS) vulnerability exists in Palo Alto Networks Demisto (ref. CVE-2019-1568). Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. This issue affects Demisto 4.5 build 40249. Workaround: N/A...
CVE-2018-16220
Cross Site Scripting in different input fields (domain field and personal settings) in AudioCodes 405HD VoIP phone with firmware 2.2.12 allows an attacker (local or remote) to inject JavaScript into the web interface of the device by manipulating the phone book entries or manipulating the domain name...
CVE-2018-16220
CVE-2018-16220 affects AudioCodes 405HD VoIP phone with firmware 2.2.12. Affected component: the device’s web interface. Root cause: Cross Site Scripting in input fields (domain field and personal settings) that lets an attacker inject JavaScript by manipulating phone book entries or the domain n...
Cross site scripting
Persistent cross-site scripting (XSS) in http/cervlet.c in Tildeslash Monit before 5.25.3 allows a remote unauthenticated attacker to introduce arbitrary JavaScript via manipulation of an unsanitized user field of the Authorization header for HTTP Basic Authentication, which is mishandled during an...
Cross-Site Scripting (XSS)
com.liferay.currency.converter.web is vulnerable to cross-site scripting (XSS) attacks. A remote attacker is able to inject arbitrary JavaScript into a victim's browser via the symbol to steal session tokens or perform unwanted actions on behalf of the user...