PT-2019-9622 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile content tail parameter, also referred to as the "mobile board tail contents" parameter, in the adm/board form...

PT-2019-9621 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile subject parameter, also referred to as the "mobile board title contents" parameter, in the adm/board form...

PT-2019-9619 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the me link parameter, also known as the "Menu Link" parameter, in the adm/menu list update.php endpoint. This can be exploite...

PT-2019-9617 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo mobile content head parameter, also known as the "mobile board head contents" parameter, in the adm/board form update.p...

PT-2019-9618 · Gnuboard · Gnuboard5

Name of the Vulnerable Software and Affected Versions: GNUBOARD5 version 5.3.1.9 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the bo content head parameter, also known as the "board head contents" parameter, in the adm/board form update.php endpoint...

CVE-2019-5962

Cross-site scripting vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2019-11825

Cross-site scripting XSS vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter...

IBM Rational Quality Manager Cross-Site Scripting Vulnerability (CNVD-2019-20849)

IBM Rational Collaborative Lifecycle Management CLM is a suite of collaborative lifecycle management solutions from IBM in the United States. The solution combines three products, RTC, RQM, and RRC, in a single IBM SmartCloud Enterprise cloud environment image to provide requirements management,...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

Kanboard Cross-Site Scripting Vulnerability

Kanboard is a suite of open source visual task board software. The software is able to customize the panels according to the business. A cross-site scripting vulnerability exists in the app / Core / Paginator.php file in versions prior to Kanboard 1.2.8. A remote attacker can exploit this...

CVE-2019-5928

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.6.3 allows remote attackers to inject arbitrary web script or HTML via Customize Item function...

CVE-2017-12788

Multiple cross-site scripting XSS vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the 1 class1 parameter or the 2 anyid parameter...

PT-2019-9127 · Gnu · Gnuboard5

Name of the Vulnerable Software and Affected Versions: gnuboard5 versions prior to 5.3.1.6 Description: The issue is related to a Cross-Site Scripting XSS vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML in the adm/faqmasterformupdate.php file...

MISP Cross-Site Scripting Vulnerability (CNVD-2019-12145)

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and features threat cybersecurity event analysis and malware analysis hood. A cross-site scripting vulnerability exists in the default distribution template in the...

ArcSight Logger Cross-Site Scripting Vulnerability

Micro Focus ArcSight Logger is a suite of log management software from Micro Focus UK. The software collects and integrates data from any log generation source for log management, searching, indexing, reporting, analysis and retention. A cross-site scripting vulnerability exists in Micro Focus...

Columbia Weather Systems Weather MicroServer Cross-Site Scripting Vulnerability

Columbia Weather Systems Weather MicroServer is a weather monitoring device from Columbia Weather Systems, USA. A cross-site scripting vulnerability exists in Columbia Weather Systems Weather MicroServer MS2.6.9900 and prior versions, which arises from the program failing to properly validate...

Phamm Permission License and Access Control Vulnerabilities

Phamm a.k.a. PHP LDAP Virtual Hosting Manager is a PHP-based web hosting manager that supports multiple roles with access rights to manage virtual services using an LDAP backend. A privilege permission and access control vulnerability exists in Phamm version 0.6.8. A remote attacker can exploit...

YzmCMS Cross-Site Scripting Vulnerability (CNVD-2019-07929)

YzmCMS is an open source CMS Content Management System by Yuan Zhimeng programmers in China. A cross-site scripting vulnerability exists in YzmCMS version 5.2. A remote attacker can use the 'column name' parameter of admin/category/edit.html page to inject arbitrary Web script or HTML with the he...

DiliCMS Cross-Site Scripting Vulnerability (CNVD-2019-07939)

DiliCMS is a content management system CMS based on Codelgniter. A cross-site scripting vulnerability exists in the site URL text box in DiliCMS version 2.4.0. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

Dradis Cross-Site Scripting Vulnerability

Dradis is a suite of reporting and collaboration tools for information security teams. A cross-site scripting vulnerability exists in Dradis Community Edition version 3.11 and earlier. A remote attacker can exploit this vulnerability to execute arbitrary script in a user's browser...