5081 matches found
IBM Cognos Controller Cross-Site Scripting Vulnerability
IBM Cognos Controller is a suite of business intelligence and planning solutions from IBM in the United States. The product features process automation, financial audit control, and the creation and management of financial reports. A cross-site scripting vulnerability exists in IBM Cognos...
PT-2019-16917 · Ibm · Ibm Cognos Controller
Name of the Vulnerable Software and Affected Versions: IBM Cognos Controller versions 10.2.0 through 10.4.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted...
Cross-site Scripting (XSS)
Apache Sling is vulnerable to cross-site scripting (XSS). The attack is possible because it does not sanitize appenderName in the function renderAppenderContent of SlingLogPanel, allowing a remote attacker to inject arbitrary JavaScript into a victim's browser...
CVE-2019-10336
A reflected cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.6 and earlier allowed attackers able to control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in job configuration forms containing post-build steps provided by this plugin...
Cross site scripting
A stored cross site scripting vulnerability in Jenkins ElectricFlow Plugin 1.1.5 and earlier allowed attackers able to configure jobs in Jenkins or control the output of the ElectricFlow API to inject arbitrary HTML and JavaScript in the plugin-provided output on build status pages...
CVE-2018-5405
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of oth...
Design/Logic Flaw
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of oth...
CVE-2018-5405 The Quest Kace K1000 Appliance is vulnerable to JavaScript injection.
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows an authenticated least privileged user with 'User Console Only' rights to potentially inject arbitrary JavaScript code on the tickets page. Script execution could allow a malicious user of the system to steal session cookies of oth...
CVE-2018-5405
CVE-2018-5405 affects Quest Kace K1000 Appliance (SMA) versions prior to 9.0.270. An authenticated, least-privileged user with ‘User Console Only’ rights can inject arbitrary JavaScript on the tickets page due to insufficient input neutralization, enabling potential session cookie theft and takeov...
CVE-2019-10325
A cross-site scripting vulnerability in Jenkins Warnings NG Plugin 5.0.0 and earlier allowed an attacker with Job/Configure permission to inject arbitrary JavaScript in build overview pages...
The vulnerability of the Network Configuration Transfer tool (the Expedition Migration tool), which exists due to the lack of measures taken to protect the website structure, allows a hacker to inject arbitrary JavaScript or HTML code into the uploaded web page.
The vulnerability of the Network Configuration Transfer tool exists because measures to protect the website structure have not been taken. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript or HTML code into the uploaded web page...
Design/Logic Flaw
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...
CVE-2017-11560
An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded HTML is also interpreted by the applicatio...
CVE-2017-11560
CVE-2017-11560 affects ZOHO ManageEngine OpManager 12.2. An authenticated user can upload an HTML file via a Google Map integration, which is then rendered in multiple locations and can execute JavaScript in the application. This creates a potential cross-site scripting path through the uploaded ...
CVE-2019-4011
IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 155885...
Cross site scripting
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...
CVE-2019-6514
An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to inject a JavaScript payload that will be stored in the database and then displayed and executed on the same page, aka XSS...