Cross site scripting

IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

Man-in-the-middle Remote Code Execution Vulnerability in Ali Want Want Windows Edition

Aliwangwang is a personal transaction communication software customized for Taobao, which facilitates real-time communication between buyers and sellers in the transaction process. A man-in-the-middle remote code execution vulnerability exists in Ali Want Want for Windows. Since Ali Want Want use...

Cross-Site Scripting (XSS)

flower is vulnerable to cross-site scripting XSS attacks. A malicious user can inject and execute arbitrary javascript via the url due the lack of user input sanitization...

IBM Kenexa LMS on Cloud Cross-Site Scripting Vulnerability (CNVD-2017-00561)

IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system LMS from IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and supports users to evaluate learning content and share their...

IBM Kenexa LMS on Cloud Cross-Site Scripting Vulnerability (CNVD-2017-00562)

IBM Kenexa LMS on Cloud is a configurable, enterprise-grade social learning management system LMS from IBM that integrates social networking, collaboration, and knowledge sharing capabilities. The system provides interactive features and supports users to evaluate learning content and share their...

IBM Security Identity Manager Virtual Appliance Cross-Site Scripting Vulnerability (CNVD-2017-00457)

IBM Security Identity Manager ISIM is a suite of identity management and governance solutions from IBM in the United States. A cross-site scripting vulnerability exists in the IBM Security Identity Manager Virtual Appliance. An attacker can exploit this vulnerability to inject arbitrary JavaScrip...

Cross-Site Scripting (XSS)

delayedjobweb is vulnerable to cross-site scripting XSS attacks. The page that displays the queued jobs doesn't escape content, allowing a malicious user to inject and execute arbitrary Javascript...

IBM WebSphere Application Server Cross-Site Scripting Vulnerability

IBM WebSphere Application Server WAS is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A cross-site scripting vulnerability exists in IBM WAS. An...

Cross-site scripting vulnerability in multiple IBM Rational products (CNVD-2016-13288)

IBM Rational Collaborative Lifecycle Management CLM, etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager RELM are collaborative lifecycle management solutions; Rational DOORS Next Generation RDNG is a requirements...

Cross-site scripting vulnerability in multiple IBM Rational products (CNVD-2016-13286)

IBM Rational Collaborative Lifecycle Management CLM, etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert RTC and Rational Engineering Lifecycle Manager RELM are collaborative lifecycle management solutions; Rational DOORS Next Generation RDNG is a requirements...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2016-13273)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

Security vulnerabilities fixed in Firefox 50.1 — Mozilla

A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. Event...

Adcon Telemetry A850 Telemetry Gateway Base Station Cross-Site Scripting Vulnerability

The Adcon Telemetry A850 Telemetry Gateway Base Station is a wireless telemetry system from Adcon Telemetry of Austria. A cross-site scripting vulnerability exists in the Adcon Telemetry A850 Telemetry Gateway Base Station. An attacker can exploit this vulnerability to inject arbitrary JavaScript...

XSS Cross-Site Scripting Vulnerability and CSRF Vulnerability in OpenPortal Network Access System

OpenPortal network access authentication system supports standard Portal protocol, Portal V1 V2 protocol, CMCC protocol, WISPr protocol and PAP CHAP authentication, widely used in smart communities, smart cities, smart hospitals, plazas, large-scale supermarkets, hotels, tourist attractions,...

IBM Web Content Manager Production Analytics Cross-Site Scripting Vulnerability

IBM Web Content Manager Production Analytics is a product of IBM Corporation, USA. A cross-site scripting vulnerability exists in IBM Web Content Manager Production Analytics, which can be exploited by an attacker to inject arbitrary JavaScript code into the Web UI...

MoinMoin HTML Injection Vulnerability (CNVD-2016-11259)

MoinMoin is a set of open source , scalable wiki engine program based on the Python environment . An HTML injection vulnerability exists in MoinMoin version 1.9.8. A remote attacker can exploit this vulnerability to inject arbitrary JS code via a specially crafted URL...

CVE-2016-7148

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...

CVE-2016-7146

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...

PYSEC-2016-31

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...

Cross site scripting

MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...