PrestaShop Cross-Site Scripting Vulnerability
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts, product image scaling, and other features. A cross-site scripting vulnerability exists in PrestaShop version 1.7.2.4. A remote...
Cross-site Scripting (XSS)
github.com/koding/koding is vulnerable to cross-site scripting (XSS) attacks. The application does not properly encode the about field in a user's profile, allowing a malicious user to inject and execute arbitrary JavaScript...
CVE-2017-14594
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting (XSS) vulnerability in the jqlQuery query parameter...
Symantec ProxySG Cross-Site Scripting Vulnerability
Symantec ProxySG is a security gateway appliance from Symantec USA. A cross-site scripting vulnerability exists in Symantec ProxySG. A remote attacker could exploit this vulnerability by using a specially crafted management console to inject arbitrary JavaScript code into the management console's...
Symantec ASG and ProxySG Cross-Site Scripting Vulnerabilities
Symantec Advanced Secure Gateway (ASG) and ProxySG are both security gateway appliances from Symantec, Inc.; the management console is one of their management interfaces. A cross-site scripting vulnerability exists in the management console in Symantec ASG and ProxySG. A remote attacker could exploit this...
Cross Site Scripting in PAN-OS Captive Portal
A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting (XSS) attack to be performed against clients viewing the captive portal page when configured in a certain way. Ref: PAN-85238 / CVE-2017-16878. Successful exploitation of this issue may allow an attacker to...
Cross Site Scripting Vulnerability in PAN-OS GlobalProtect
A vulnerability exists in PAN-OS GlobalProtect when either the gateway or the portal is configured. This issue could allow for a cross-site scripting (XSS) attack. Ref: PAN-81586 / CVE-2017-15941. Successful exploitation of this issue may allow an attacker to inject arbitrary JavaScript or HTML. Thi...
CVE-2018-3810
Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter that runs on all pages served by WordPress. The saveGoogleCode function in...
content.golfscape.com XSS vulnerability
Open Bug Bounty ID: OBB-467054. Affected Website: content.golfscape.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); Remediation Guide: OWASP XSS Prevention...
Cross site scripting
IBM Business Process Manager 8.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 128692...
CVE-2017-4940
The ESXi Host Client in VMware ESXi 6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting JavaScript, which might get...
IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2018-00664)
IBM iNotes (also known as IBM Lotus iNotes) is a set of Web-based e-mail software from IBM in the United States. The software helps different types of users, both online and offline, to effectively manage business-critical information and collaboration. A cross-site scripting vulnerability exists in...
CVE-2017-1421
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session...
CVE-2017-1546
IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force...
CVE-2017-11507
A cross-site scripting (XSS) vulnerability exists in CheckMK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the outputformat parameter, and the username parameter of failed HTTP basic authentication...
Samsung Internet Browser SOP Bypass
This module takes advantage of a Same-Origin Policy (SOP) bypass vulnerability in the Samsung Internet Browser, a popular mobile browser shipping with Samsung Android devices. By default, it initiates a redirect to a child tab, and rewrites the innerHTML to gather credentials via a fake pop-up. Thi...
IBM Sterling File Gateway Cross-Site Scripting Vulnerability
IBM Sterling File Gateway is a suite of file transfer software from IBM in the United States. The software integrates different centers of file transfer activity and facilitates the secure exchange of file-based data over the Internet. A cross-site scripting vulnerability exists in IBM Sterling...
Ubiquiti Inc.: Stored XSS => community.ubnt.com
Due to an error in the user input validation process, it was possible to create posts in some forums on community.ubnt.com with arbitrary HTML code; a specially crafted message could inject JavaScript code on the page, resulting in stored XSS. A stored XSS issue was discovered in ubnt Community...
IBM DOORS Next Generation Cross-Site Scripting Vulnerability (CNVD-2017-38359)
IBM Rational DOORS Next Generation (DNG/RRC) is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently, sharing unified users, servers and project...
Cross-site Scripting (XSS)
Concrete5 is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary JavaScript through parameters in the conversation editor...