Cross-site Scripting Vulnerability in multiple Hitachi products

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15830)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web framework code in Cisco Firepower Management Center versions prior to 6.0.0.0, which arises from the program's...

CVE-2017-3125

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

CherryMusic Cross-Site Scripting Vulnerability

CherryMusic is a music streaming server based on CherryPy and jPlayer. A cross-site scripting vulnerability exists in CherryMusic, which can be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, due to the program...

Gazelle cross-site scripting vulnerability (CNVD-2017-05628)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19. A remote attacker can exploit the vulnerability to execute arbitrary HTML and script...

IBM InfoSphere BigInsights Cross-Site Scripting Vulnerability (CNVD-2017-01312)

IBM InfoSphere BigInsights is a set of software platforms for storing and analyzing Big Data from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A cross-site scripting vulnerability exists in IBM Infosphere...

Tenable Network Security Tenable Nessus Cross-Site Scripting Vulnerability (CNVD-2016-06082)

Tenable Network Security Tenable Nessus is an open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in versions of Tenable Network Tenable Nessus prior to 6.8, which stems from the software failing to properly filter user-submitted input...

PT-2016-5990 · Bosch Rexroth · Bladecontrol-Webvis

Name of the Vulnerable Software and Affected Versions: Rexroth Bosch BLADEcontrol-WebVIS versions 3.0.2 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors, potentially leading to...

The vulnerability of Google Chrome browser allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The use of this functionality after release in core/dom/ContainerNode.cpp, within the implementation of the object model for documents in Blink for Google Chrome, allows malicious actors who operate remotely to trigger service failures or exert other effects on the system by executing a script...

Microsoft Edge Elevation of Privilege Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from an elevation of privilege vulnerability in its implementation due to the program failing to properly validate JavaScript.A remote attacker could exploit this vulnerability to run scripts with elevated...

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework and Groupmax Collaboration. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official...

Multiple Cross-site Scripting Vulnerabilities in EUR

Overview Multiple cross-site scripting vulnerabilities were found in EUR. Impact Remote users can exploit these vulnerabilities to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

jsoup: XSS vulnerability related to incomplete tags at EOF

It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2015-06635)

Microsoft SharePoint Server and SharePoint Foundation are both business collaboration platforms from Microsoft Corporation. A cross-site scripting vulnerability exists in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1. A remote attacker can exploit this vulnerability to...

Fortinet FortiAnalyzer 'sql-query' Cross-Site Scripting Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The solution is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director

Overview A cross-site scripting vulnerability was found in the online help of JP1/IT Desktop Management - Manager and Hitachi IT Operations Director. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information...

Cross-site Scripting Vulnerability in Hitachi Application Server Help

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Plain Black WebGUI 'style-underground/search' cross-site scripting vulnerability

WebGUI is a CMS Content Management System software that is mainly used to facilitate the publishing and maintenance of website content. A cross-site scripting vulnerability exists in Plain Black WebGUI 'style-underground/search'. This allows remote attackers to execute arbitrary web script or HTM...

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...