i-doit 跨站脚本漏洞

i-doit is a configuration management database software from i-doit Inc. A cross-site scripting vulnerability exists in i-doit pro that stems from a lack of proper cleanup of the id, lang, mNavID, name, pID, treeNode, type, and view parameters...

CVE-2018-18247

Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter...

CVE-2016-3975

Cross-site scripting XSS vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP...