PT-2020-2159 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: A cross-site scripting issue exists due to inadequate protection of the web page structure. This...

Amazon AWS JavaScript S3 Explorer Cross-Site Scripting Vulnerability

Amazon AWS JavaScript S3 Explorer is a set of S3 browsers. A cross-site scripting vulnerability exists in Amazon AWS JavaScript S3 Explorer explorer.js, which can be exploited by remote attackers to inject malicious script or HTML code, which can be used to gain access to sensitive information or...

CVE-2020-5528

CVE-2020-5528 is a cross-site scripting vulnerability in Movable Type series (including Movable Type 7, 6.5, and related editions) that allows remote attackers to inject arbitrary web script or HTML into the block editor and Rich Text Editor via a specially crafted URL. The vulnerability affects ...

CVE-2013-3565

Multiple cross-site scripting XSS vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 command parameter to requests/vlmcmd.xml, 2 dir parameter to requests/browse.xml, or 3 URI in a request, which ...

UBUNTU-CVE-2013-3565

Multiple cross-site scripting XSS vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the 1 command parameter to requests/vlmcmd.xml, 2 dir parameter to requests/browse.xml, or 3 URI in a request, which ...

UBUNTU-CVE-2013-6451

Cross-site scripting XSS vulnerability in MediaWiki 1.19.9 before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via unspecified CSS values...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications lies in insufficient encoding of user-input data, allowing attackers to execute malicious scripts.

The vulnerability of software for integrating SAP NetWeaver Process Integration corporate applications is related to insufficient encoding of user-input data. Exploiting this vulnerability allows a malicious actor to execute malicious scripts remotely...

Cisco Data Center Analytics Framework Cross-Site Scripting Vulnerability (CNVD-2020-02286)

Cisco Data Center Analytics Framework DCAF application is a set of data center analytics frameworks from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web management interface in Cisco Data Center Analytics Framework Releases prior to 8.3.7.5.4, which stems from...

CVE-2020-6758

A cross-site scripting XSS vulnerability in Option/optionsAll.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 KDI Version allows remote attackers to inject arbitrary web script or HTML via the ContentFrame parameter...

CVE-2019-5988

Stored cross-site scripting vulnerability in Access analysis CGI An-Analyzer released in 2019 June 24 and earlier allows remote attackers to inject arbitrary web script or HTML via the Management Page...

Telos Automated Message Handling System Cross-Site Scripting Vulnerability

Telos Automated Message Handling System is an automated message handling system that automates the Web-based distribution and management of enterprise-wide organizational messages. A cross-site scripting vulnerability exists in itemlookup.asp in Telos Automated Message Handling System versions...

Telos Automated Message Handling System Cross-Site Scripting Vulnerability (CNVD-2020-04115)

Telos Automated Message Handling System AMHS is an automated message handling system that enables automated Web-based distribution and management of enterprise-wide organizational messages. A cross-site scripting vulnerability exists in ModalWindowPopup.asp in Telos Automated Message Handling...

CVE-2019-9541

: Information Exposure vulnerability in itemlookup.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System versions prior to 4.1.5.5...

CVE-2019-9538

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling...

CVE-2019-9537

: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in uploaditem.asp of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling System...

CVE-2019-6033

Cross-site scripting vulnerability in a-blog cms versions prior to Ver.2.10.23 Ver.2.10.x, Ver.2.9.26 Ver.2.9.x, and Ver.2.8.64 Ver.2.8.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-6011

Cross-site scripting vulnerability in wpDataTables Lite Version 2.0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PT-2019-18459 · Synology · Video Station

Name of the Vulnerable Software and Affected Versions: Video Station versions prior to the latest version Description: This issue allows remote attackers to inject and execute scripts on the administrator’s management console through a cross-site scripting XSS vulnerability in Video Station...

CVE-2013-0203

Multiple cross-site scripting XSS vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 unspecified parameters to apps/calendar/ajax/event/new.php or 2 url parameter to apps/bookmarks/ajax/addBookmark.php...