137 matches found
CVE-2020-35725
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2020-35203
Reflected XSS in Web Compliance Manager in Quest Policy Authority version 8.1.2.200 allows attackers to inject malicious code into the browser via a specially crafted link to the initFile.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported b...
PT-2021-11837 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200 Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "/WebCM/index.jsp" file using the msg parameter. This affects products that...
Quest Software Policy Authority For Unified Communications Cross-Site Scripting Vulnerability
Quest Policy Authority For Unified Communications is a software from Quest, Inc. that is used in corporate environments to consolidate communication data between various media text and instant messaging, video conferencing, email and voicemail. A cross-site scripting vulnerability exists in Quest...
Microstrategy Web Cross-Site Scripting Vulnerability (CNVD-2018-23268)
MicroStrategy Web is a highly interactive, easy-to-use application for report analysis and continuous business monitoring. A cross-site scripting vulnerability exists in Microstrategy Web 7. The vulnerability stems from Microstrategy Web failing to adequately encode user-controlled input. An...
CVE-2018-18775
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. NOTE: this is a deprecated product...
CVE-2018-18775
The vulnerability CVE-2018-18775 affects Microstrategy Web 7, where Login.asp Msg parameter input is not sufficiently encoded, causing a Cross-Site Scripting (XSS). The NVD entry notes input encoding weaknesses leading to XSS with a base CVSS v3.0 score of 6.1 (Network, Low user interaction requi...
DedeCMS Cross-Site Scripting Vulnerability (CNVD-2018-19871)
DedeCMS is a PHP-based web content management system (CMS). A cross-site scripting vulnerability exists in the /plus/feedbackajax.php file in DedeCMS version 5.7 SP2, which can be exploited by remote attackers to execute JavaScript code with the help of the onhashchange attribute in the 'msg'...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2011-5297
Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter to chatform.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in oleggo-twitter/twitterloginform.php in the Oleggo LiveStream plugin 0.2.6 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action to rss.php, (2) msg parameter to end-user/errdoc.php, (3) h parameter to end-user/ftpredirect.php, or (4)...
SQL injection
Multiple SQL injection vulnerabilities in sign.php in tinyguestbook allow remote attackers to execute arbitrary SQL commands via the (1) name and (2) msg parameters. NOTE: some of these details are obtained from third party information...
CVE-2011-5199
Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
CVE-2012-1835
Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One Event Calendar plugin 1.4 and 1.5 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) title parameter to app/view/agenda-widget-form.php; (2) args, (3) title, (4) beforetitle, or (5) aftertitle parameter...
Symantec Endpoint Protection Manager TestConnection.jsp 'Msg' Parameter XSS (SYM11-009 & SYM12-001)
The version of Symantec Endpoint Protection Manager running on the remote web server is affected by a cross-site scripting (XSS) vulnerability due to improper sanitization of input to the 'Msg' parameter in the TestConnection.jsp file. An unauthenticated, remote attacker can exploit this...
CVE-2008-6876
Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037...
CVE-2009-2033
Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter, aka the message in an article comment, or (2) the searchterm parameter, aka the search post form. NOTE: some of these details are obtained from thi...