4979 matches found
austinschools.org XSS vulnerability
Vulnerable URL: http://www.austinschools.org/it/flashdetection.swf?flashContentURL=javascript:alert1 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 11.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1164964 VI...
Cross-site Scripting (XSS)
loofah is vulnerable to cross-site scripting XSS attacks. The library is does not properly sanitize nested script tags, allowing a malicious user to inject and execute arbitrary Javascript...
CVE-2017-15214
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...
CVE-2017-15213
Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the realname or emailaddress field to themes/CleanFS/templates/common.editallusers.tpl...
CVE-2017-15214
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...
Cross site scripting
Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges and also to execute JavaScript against other users including unauthenticated users, via the name, title, or id parameter to...
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...
Flyspray Stored Cross-Site Scripting Vulnerability
Flyspray is a lightweight, web-based, bug tracking system written in PHP to assist in software development and project management. Flyspray suffers from a stored cross-site scripting vulnerability, which allows an authenticated user to gain administrator privileges by injecting JavaScript via the...
dotCMS Stored Cross-Site Scripting Vulnerability
dotCMS is a content management system CMS from the United States dotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in the vanity-urls Title field in dotCMS version 4.1.1, which originat...
CVE-2017-15215
Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can for example take over the admin session or change global settings or add/delete links. It is also...
Magento E-Commerce Platform Cross-Site Scripting Vulnerability
Magento E-Commerce Platform is an open source PHP e-commerce system of the United States Magento company . The system provides rights management , search engines and payment gateways and other functions . A cross-site scripting vulnerability exists in Magento E-Commerce Platform version 1.9.0.1. ...
IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33349)
IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...
IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33353)
IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...
IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-33346)
IBM Rational Engineering Lifecycle Manager RELM is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM RELM. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...
CVE-2017-9537
SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...
CVE-2017-14957
Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can for example change global settings or create/delete posts. It is also possible to execute JavaScript against...
CVE-2017-14957
CVE-2017-14957 is a stored XSS vulnerability in BlogoText prior to 3.7.6. The attack path is through a comment in inc/conv.php, allowing an unauthenticated attacker to inject JavaScript. If the victim is an administrator, the attacker can alter global settings or create/delete posts; it can also ...
Cross site scripting
Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...