248 matches found
IBM iNotes Cross-Site Scripting Vulnerability (CNVD-2017-27829)
IBM iNotes, also known as IBM Lotus iNotes, is a Web-based e-mail software suite from IBM (United States). A cross-site scripting vulnerability exists in IBM iNotes versions 8.5 and 9.0. A remote attacker can exploit this vulnerability to inject arbitrary JavaScript code into the Web UI...
IBM Rational Software Architect Design Manager Cross-Site Scripting Vulnerability
IBM Rhapsody Design Manager (DM) is a suite of collaborative design management software from IBM. The software supports the use of centralized system repositories with Web-based access to store, share, search, and manage design models, as well as software to automate design reviews. A cross-site...
IBM Emptoris Strategic Supply Management Platform Cross-Site Scripting Vulnerability
IBM Emptoris Strategic Supply Management is a management platform from IBM that provides common Web-based portal access to the Emptoris suite of products. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management versions 10.0.0.x through 10.1.1.x. A remote attacker could use this...
IBM Emptoris Strategic Supply Management Platform Cross-Site Scripting Vulnerability (CNVD-2017-23341)
IBM Emptoris Strategic Supply Management is a management platform from IBM that provides common Web-based portal access to the Emptoris suite of products. A cross-site scripting vulnerability exists in IBM Emptoris Strategic Supply Management versions 10.0.0.x through 10.1.1.x. A remote attacker could use this...
IBM Information Server Framework and InfoSphere Information Server on Cloud Cross-Site Scripting Vulnerability
IBM Information Server Framework and InfoSphere Information Server on Cloud are both products of the U.S. company IBM. The former is a data integration platform framework; the latter is a cloud-based data integration platform. A cross-site scripting vulnerability exists in IBM...
IBM Emptoris Sourcing Cross-Site Scripting Vulnerability (CNVD-2017-21231)
IBM Emptoris Sourcing is a source-to-contract solution from IBM USA. The solution helps organizations get affordable prices and greater value from suppliers by examining factors such as cost, risk and performance in sourcing decisions. A cross-site scripting vulnerability exists in IBM Emptoris...
IBM Rational Team Concert Cross-Site Scripting Vulnerability (CNVD-2017-15923)
IBM Rational Team Concert (RTC) is a Jazz-based software lifecycle management solution from IBM (U.S.) that supports real-time collaboration for decentralized teams. A cross-site scripting vulnerability exists in IBM RTC. A remote attacker can exploit this vulnerability t...
IBM Rational Collaborative Lifecycle Management and Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2017-11424)
IBM Rational Collaborative Lifecycle Management (CLM) and Rational Quality Manager (RQM) are both products of the U.S. company IBM. The former is a collaborative lifecycle management solution; the latter is a collaborative, Web-based quality management solution. A cross-site scripting vulnerability...
FortiOS XSS vulnerabilities via User Groups & Config Revision Comments
Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious JavaScript in a logged-in browser...
IBM Rational DOORS Next Generation Station Scripting Vulnerability (CNVD-2017-08547)
IBM Rational DOORS Next Generation DNS is a suite of software for capturing, tracking, analyzing, and managing requirements from IBM, USA. The software provides a single platform for global team collaboration to manage requirements more efficiently and share unified user, server and project...
Hitachi Device Manager and Replication Manager Cross-Site Scripting Vulnerability
Hitachi Device Manager and Replication Manager are both products of Hitachi, Japan. Hitachi Device Manager is software that manages multiple Hitachi storage systems from a single console and provides logical view capabilities to align storage assets with business applications. Replication Manager ...
Cross-site scripting vulnerability in multiple IBM Rational products (CNVD-2016-13286)
IBM Rational Collaborative Lifecycle Management (CLM) and the other affected products are from IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert (RTC) and Rational Engineering Lifecycle Manager (RELM) are collaborative lifecycle management solutions; Rational DOORS Next Generation (RDNG) is a requirements...
chromium-browser: info leak in extensions
A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and 54.0.2840.99 for Windows, and 54.0.2840.98 for Mac allowed a remote attacker to access privileged JavaScript code via a crafted HTML page...
UBUNTU-CVE-2016-7148
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
Yandex Browser for desktop Yandex Browser Translator Cross-Site Scripting Vulnerability
Yandex Browser for desktop is a desktop browser from the Russian company Yandex. Yandex Browser Translator is one of its translation applications. A cross-site scripting vulnerability exists in Yandex Browser Translator in Yandex Browser for desktop versions 15.12 through 16.2. A remote attacker c...
IBM Financial Transaction Manager for ACH Cross-Site Scripting Vulnerability
IBM Financial Transaction Manager (FTM) for ACH Services is a Financial Transaction Manager product from IBM USA, which is used to monitor, track and report on financial payments and transactions. A cross-site scripting vulnerability exists in Financial Transaction Manager (FTM) for ACH Services...
PYSEC-2015-27
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...
PYSEC-2015-25
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types...
UBUNTU-CVE-2015-5825
WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code...
Schneider Electric Modicon PLC File Inclusion Vulnerability
Modicon PLCs are programmable controller products used in industries such as dams, energy, food and agriculture, and more. Modicon PLCs contain a file inclusion vulnerability that an attacker can exploit by constructing a specific URL that can be used to load JavaScript through...