Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30082)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

Tine 2.0 Stored Cross-Site Scripting Vulnerability

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which can be exploited by authenticated users to inject JavaScript...

Tine 2.0 stored cross-site scripting vulnerability (CNVD-2017-30081)

Tine 2.0 provides classic groupware components and sets the standard in the collaboration space. A stored cross-site scripting vulnerability exists in Tine 2.0, which allows authenticated users to inject JavaScript using the vulnerability...

eGroupWare Stored Cross-Site Scripting Vulnerability

eGroupWare is a multi-user, WEB-based workware suite developed on the basis of customization sets on a PHP-based API. A stored cross-site scripting vulnerability exists in eGroupWare, which allows remote attackers to inject JavaScript via the User-Agent HTTP header which is incorrectly handled...

CVE-2017-14923

Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administrator and other users...

CVE-2017-14922

CVE-2017-14922 describes a stored XSS in Tine 2.0 Community Edition prior to 2017.08.4. An authenticated user can inject JavaScript via an IMG element in History views (Profile, Calendar, Tasks, CRM); the payload is mishandled during rendering by admins and other users. The affected software is T...

Cross-Site Scripting (XSS)

Pypeline is vulnerable to cross-site scriptingXSS attacks. The Python library allows the passing of Javascript to the Markup processor...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34480)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34482)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

IBM Business Process Manager Cross-Site Scripting Vulnerability

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

Stored Cross-Site Scripting Vulnerability in the YoYo Housing App

YouYouGoodHouse app is a rental app created by Chengdu GoodHouse Technology Co. A stored cross-site scripting vulnerability exists in the "About Us" section of the YouYouHaoRooms app. An attacker can insert malicious js code into the page to obtain user cookies and other information, resulting in...

Design/Logic Flaw

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

CVE-2017-14615

An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. When a failed login attempt is made to the login endpoint of the XML-RPC interface, if JavaScript code, properly encoded to be consumed by XML parsers, is embedded as value of the user element, the code will be rendered in the...

CVE-2017-4926

VMware vCenter Server 6.5 prior to 6.5 U1 contains a vulnerability that may allow for stored cross-site scripting XSS. An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page...

Advanced Man In The Middle Framework: Xerosploit

Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for penetration testing purposes. It brings various modules together that will help you perform very efficient attacks. You can also use it to perform denial of service attacks and port scanning. Powere...

Command injection

The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command shell...

Cross-site Scripting (XSS)

automattic/jetpack is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary JavaScript through the modules/shortcodes/polldaddy.php file as it does not properly sanitize the uniqueid parameter...

Apache OFBiz JavaScript Code Injection Vulnerability

Apache OFBiz is an enterprise resource planning system from the Apache Software Foundation in the United States. A security vulnerability in the Apache OFBiz processing form field allows remote attackers to exploit the vulnerability to submit a special request and execute arbitrary JavaScript cod...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...