Cacti cross-site scripting vulnerability (CNVD-2018-08667)

Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. Cacti suffers from a cross-site scripting vulnerability. The vulnerability arises because the getcurrentpage function in lib/functions.php relies on...

Cross site scripting

Cross-site scripting XSS vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-Logs section with a logs?logs.type= URI and the Manage-Attributes section via the "Name display"...

SAP Solution Manager Incident Management Work Center Cross-Site Scripting Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2018-08335)

Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr ERP/CR...

Google Chrome interstitials command execution vulnerability

Google Chrome is a web browser developed by Google Inc. interstitials is one of the pop-up ads plug-ins. A security vulnerability exists in interstitials in Google Chrome, which stems from the program failing to properly validate user-submitted input. The vulnerability can be exploited by a remot...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2018-08048)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...

CVE-2018-9034

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

CVE-2017-3967

Target influence via framing vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames...

iScripts EasyCreate Cross-Site Scripting Vulnerability

IScripts EasyCreate is a set of online website builder from Iscripts, Inc. The tool can be used on the server for the client to provide website building services , belong to the fully customizable . A cross-site scripting vulnerability exists in the Site Description field in IScripts EasyCreate...

Joomla! Joom Sky JS Jobs Extension Cross-Site Scripting Vulnerability

Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . Joom Sky JS Jobs extension is used in one of the recruitment features with an extension . A cross-site scripting vulnerability...

UBUNTU-CVE-2018-4133

An issue was discovered in certain Apple products. Safari before 11.1 is affected. The issue involves the "WebKit" component. A Safari cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal, which stems from the program failing to properly filter user-submitted HTM...

Apple Safari WebKit cross-site scripting vulnerability (CNVD-2018-07657)

Apple Safari is a web browser from Apple, and is the default browser that comes with the Mac OS X and iOS operating systems.WebKit is a set of open-source web browser engines developed by KDE, Apple, and Google, and is currently used by Apple Safari and Google Chrome, among other browsers. Google...

ASUS RT-N14UHP 'flag' parameter cross-site scripting vulnerability

The ASUS RT-N14UHP is a wireless router device from ASUS. A cross-site scripting vulnerability exists in the 'flag' parameter in ASUS RT-N14UHP devices prior to version 3.0.0.4.380.8015. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

CA API Developer Portal Cross-Site Scripting Vulnerability

CA API Developer Portal is a set of CA's API Application Programming Interface query function for software developers. A cross-site scripting vulnerability exists in the profile picture handling in CA API Developer Portal versions 3.5 through 3.5 CR6, which stems from the program failing to...

bui select component cross-site scripting vulnerability

bui is a front-end framework based on JQuery. select component is one of the search component. A cross-site scripting vulnerability exists in the select component in bui 2018-03-13 and prior versions, which stems from a program performing an escape operation on escaped text. A remote attacker can...

QQQ SYSTEMS cross-site scripting vulnerability (CNVD-2018-07698)

QQQ SYSTEMS is a set of CGI scripts for creating quiz pages. A cross-site scripting vulnerability exists in QQQ SYSTEMS version 2.24. A remote attacker can exploit this vulnerability to inject arbitrary web scripts via the quiz.cgi file...

CVE-2017-7631

Cross-site scripting XSS vulnerability in the share link function of File Station of QNAP 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to inject arbitrary web script or HTML...

BMC Remedy Action Request System Cross-Site Scripting Vulnerability

BMC Remedy Action Request AR System is a suite of mobile digital enterprise management platforms for IT departments from BMC Software, USA. A cross-site scripting vulnerability exists in version 9.0 of the BMC Remedy Action Request AR System prior to 9.0.00 Service Pack 2 hot fix 1. A remote...

dsmall cross-site scripting vulnerability (CNVD-2018-07545)

dsmall is a multi-user platform-level online shopping mall system. A cross-site scripting vulnerability exists in dsmall version 20180320. A remote attacker can exploit this vulnerability by sending the 'pdrsn' parameter to the public/index.php/home/predeposit/index.html page to inject arbitrary...