Lucene search

4979 matches found

Prion
added 2017/08/30 5:29 p.m. | 14 views

Default configuration

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVSS 4.3 | AI score 7.1 | EPSS 0.0129
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2017/08/30 5:0 p.m. | 16 views

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

AI score 6.3 | EPSS 0.0129
Exploits: 0 | References: 2

CNVD
added 2017/08/30 12:0 a.m. | 1 views

IBM Sametime Cross-Site Scripting Vulnerability (CNVD-2017-27544)

IBM Sametime is a suite of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data and video. A cross-site scripting vulnerability exists in IBM Sametime versions 8.5.2 and 9.0. A remo...

CVSS 5.4 | AI score 5.5 | EPSS 0.00269
Exploits: 0 | References: 1

Cvelist
added 2017/08/29 9:0 p.m. | 15 views

CVE-2016-2975

IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 113935...

AI score 5.2 | EPSS 0.00269
Exploits: 0 | References: 3

CNVD
added 2017/08/29 12:0 a.m. | 1 views

IBM Curam Social Program Management Cross-Site Scripting Vulnerability (CNVD-2017-25505)

IBM Curam Social Program Management SPM is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Curam SPM. A remote attacker can exploit this vulnerability to inject...

CVSS 5.4 | AI score 5.5 | EPSS 0.00198
Exploits: 0 | References: 1

CNVD
added 2017/08/28 12:0 a.m. | 1 views

IBM Sametime Meetings Server Arbitrary Code Execution Vulnerability (CNVD-2017-26377)

IBM Sametime is a set of next-generation social communication tools from IBM in the United States. The tool helps users realize real-time business collaboration by integrating audio voice, data, and video. Sametime Meeting Server is one of the Web conferencing components used in Sametime chat and...

CVSS 5.4 | AI score 5.5 | EPSS 0.00359
Exploits: 0 | References: 1

CNVD
added 2017/08/25 12:0 a.m. | 3 views

Atlassian Crucible Cross-Site Scripting Vulnerability

Atlassian Crucible is a suite of code review tools from Atlassian Australia. The tool provides a review process for reviewing code, discussing changes, sharing knowledge, and identifying defects. review dashboard resource is one of the dashboard repositories. A cross-site scripting vulnerability...

CVSS 5.4 | AI score 5.6 | EPSS 0.00191
Exploits: 0 | References: 1

CNVD
added 2017/08/25 12:0 a.m. | 1 views

Atlassian FishEye repository changelog resource cross-site scripting vulnerability

Atlassian FishEye is a suite of source code repository deep view software from Atlassian Australia. The software provides navigation, search, historical reporting and change analysis. repository changelog resource is one of the updated repositories. A cross-site scripting vulnerability exists in...

CVSS 5.4 | AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 1

OSV
added 2017/08/24 5:29 p.m. | 1 views

CVE-2017-9507

The review dashboard resource in Atlassian Crucible from version 4.1.0 before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability in the review filter title parameter...

CVSS 5.4 | AI score 5.4 | EPSS 0.00191
Exploits: 0 | References: 1

Vulnrichment
added 2017/08/24 5:0 p.m. | 12 views

CVE-2017-9509

The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the charset of a previously uploaded file...

AI score 5.7 | EPSS 0.00191
Exploits: 0 | References: 1

Vulnrichment
added 2017/08/24 5:0 p.m. | 12 views

CVE-2017-9508

Various resources in Atlassian Fisheye and Crucible before version 4.4.1 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through the name of a repository or review file...

AI score 5.5 | EPSS 0.00178
Exploits: 0 | References: 2

OSV
added 2017/08/23 2:29 p.m. | 1 views

CVE-2017-13138

DOM based Cross-site scripting XSS vulnerability in the Bridge theme before 11.2 for WordPress allows remote attackers to inject arbitrary JavaScript...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 3

CNVD
added 2017/08/21 12:0 a.m. | 1 views

Cross-Site Scripting Vulnerability in Mythos™ Documentation Management System

Mythos™ Document Management System is a library management reference platform with a professional database as the backend data storage on Windows or UNIX/Linux platform. A cross-site scripting vulnerability exists in the Mythic™ document management system, which can be exploited by remote attacke...

AI score 6.5
Exploits: 0

CNVD
added 2017/08/16 12:0 a.m. | 2 views

OSNEXUS QuantaStor v4 Virtual Appliance Cross-Site Scripting Vulnerability

OSNEXUS QuantaStor v4 virtual appliance is a virtual storage appliance from OSNEXUS USA. A cross-site scripting vulnerability exists in OSNEXUS QuantaStor v4 virtual appliance versions prior to 4.3.1. A remote attacker can exploit this vulnerability to inject arbitrary HTML or JavaScript code...

CVSS 6.1 | AI score 5.6 | EPSS 0.02404
Exploits: 6 | References: 1

CNVD
added 2017/08/10 12:0 a.m. | 1 views

Stored Cross-Site Scripting Vulnerability in DocCMS x1.0

DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. DocCMS x1.0 online message at the...

AI score 6.5
Exploits: 0

RedhatCVE
added 2017/08/09 1:49 a.m. | 22 views

CVE-2017-7799

JavaScript in the "about:webrtc" page is not sanitized properly being assigned to "innerHTML". Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting XSS attack...

CVSS 6.1 | AI score 0.8 | EPSS 0.00495
Exploits: 1 | References: 2

CNVD
added 2017/08/07 12:0 a.m. | 1 views

IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2017-27829)

IBM iNotes also known as IBM Lotus iNotes is the United States IBM's set of Web-based e-mail software. A cross-site scripting vulnerability exists in IBM iNotes versions 8.5 and 9.0. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...

CVSS 6.1 | AI score 6.2 | EPSS 0.00282
Exploits: 0 | References: 1

CNVD
added 2017/08/07 12:0 a.m. | 1 views

IBM Content Navigator Cross-Site Scripting Vulnerability

IBM Content Navigator enhances your business processes, improves productivity and increases customer engagement by transforming the way content is accessed, delivered and presented. A cross-site scripting vulnerability exists in IBM Content Navigator, which allows an attacker to embed arbitrary...

CVSS 5.4 | AI score 5.3 | EPSS 0.00269
Exploits: 0 | References: 1

CNVD
added 2017/08/02 12:0 a.m. | 1 views

IBM Worklight Cross-Site Scripting Vulnerability

IBM Worklight is a suite of solutions for developing, testing, managing and securing HTML5, hybrid and native mobile applications from IBM USA. A cross-site scripting vulnerability exists in IBM Worklight. A remote attacker can inject arbitrary JavaScript code into the Web UI...

CVSS 6.1 | AI score 6.4 | EPSS 0.0021
Exploits: 1 | References: 1

CNVD
added 2017/08/02 12:0 a.m. | 2 views

MantisBT admin/install.php file cross-site scripting vulnerability

MantisBT is a Web-based open source defect tracking system of the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in the admin/install.php file in versions 2.x prior to MantisBT 2.5.2 an...

CVSS 6.1 | AI score 6 | EPSS 0.01034
Exploits: 0 | References: 1