4584 matches found

CNVD
added 2017/04/01 12:0 a.m., 3 views

Pixie cross-site scripting vulnerability (CNVD-2017-04817)

Pixie is an open source lightweight website content management system (CMS). The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4 because the program fails to properly validate user-submitted input. A remote attacker can exploit th...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00818
Exploits: 1, References: 1

CNVD
added 2017/03/31 12:0 a.m., 1 view

CherryMusic Cross-Site Scripting Vulnerability

CherryMusic is a music streaming server based on CherryPy and jPlayer. A cross-site scripting vulnerability exists in CherryMusic, which can be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, due to the program...

CVSS: 5.4, AI score: 6.8, EPSS: 0.00847
Exploits: 0, References: 1

CNVD
added 2017/03/30 12:0 a.m., 4 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04905)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. Revive Adserver has a cross-site scripting vulnerability. A remote attacker can exploit this vulnerability to...

CVSS: 5.4, AI score: 5.4, EPSS: 0.0152
Exploits: 0, References: 1

CNVD
added 2017/03/30 12:0 a.m., 3 views

Gazelle Cross-Site Scripting Vulnerability

Gazelle is a set of web frameworks for BitTorrent trackers. Gazelle suffers from a cross-site scripting vulnerability where the type parameter is not filtered in the Gazelle-master/sections/better/transcode.php file. A remote attacker can exploit this vulnerability to execute arbitrary HTML and...

CVSS: 6.1, AI score: 6.5, EPSS: 0.01051
Exploits: 0, References: 1

CNVD
added 2017/03/30 12:0 a.m., 3 views

Gazelle cross-site scripting vulnerability (CNVD-2017-05628)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19. A remote attacker can exploit the vulnerability to execute arbitrary HTML and script...

CVSS: 6.1, AI score: 6.5, EPSS: 0.01073
Exploits: 0, References: 1

CNVD
added 2017/03/30 12:0 a.m., 5 views

Nextcloud Server and ownCloud Server Cross-Site Scripting Vulnerabilities

ownCloud is a free and open source personal cloud storage solution from German company ownCloud. Nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are their respective server versions. A cross-site...

CVSS: 5.4, AI score: 6.1, EPSS: 0.01118
Exploits: 1, References: 1

CNVD
added 2017/03/28 12:0 a.m., 3 views

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-04705)

CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...

CVSS: 5.4, AI score: 6.1, EPSS: 0.0052
Exploits: 1, References: 1

CNVD
added 2017/03/23 12:0 a.m., 4 views

IBM Call Center for Commerce Cross-Site Scripting Vulnerability

IBM Call Center for Commerce is a Web-based call center solution. The solution supports providing CSRs (Customer Service Representatives) with a single point of access to business information as well as comprehensive multi-channel interactions with customers. A cross-site scripting vulnerability...

CVSS: 5.4, AI score: 6, EPSS: 0.00538
Exploits: 0, References: 1

OSV
added 2017/03/17 12:59 a.m., 7 views

CVE-2017-0110

Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."...

CVSS: 6.1, AI score: 5.9, EPSS: 0.07023
Exploits: 0, References: 3

OSV
added 2017/03/03 3:59 p.m., 3 views

DEBIAN-CVE-2016-10203

Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor...

CVSS: 6.1, AI score: 6, EPSS: 0.01062
Exploits: 1, References: 1

CNVD
added 2017/03/02 12:0 a.m., 2 views

Air Transfer Cross-Site Scripting Vulnerability

Air Transfer Pro is an application for transferring files from your computer to your cell phone over a wireless network. Air Transfer suffers from a cross-site scripting vulnerability that allows remote attackers to inject script code into client application requests with...

AI score: 6.4
Exploits: 0, References: 1

OSV
added 2017/02/17 7:59 a.m., 3 views

CVE-2017-5008

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker-controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML pag...

CVSS: 6.1, AI score: 7.4, EPSS: 0.01221
Exploits: 1, References: 7

CNVD
added 2017/02/10 12:0 a.m., 1 view

Revive Adserver REVIVE-SA-2017-001 Cross-Site Scripting Vulnerability

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in Revive Adserver 4.0.0 and earlier versions. A remote attacker c...

CVSS: 5.4, AI score: 5.4, EPSS: 0.01335
Exploits: 0, References: 1

CNVD
added 2017/02/08 12:0 a.m., 1 view

IBM InfoSphere BigInsights Cross-Site Scripting Vulnerability (CNVD-2017-01312)

IBM InfoSphere BigInsights is a set of software platforms for storing and analyzing Big Data from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A cross-site scripting vulnerability exists in IBM InfoSphere...

CVSS: 5.4, AI score: 6.3, EPSS: 0.00705
Exploits: 0, References: 1

CNVD
added 2017/02/06 12:0 a.m., 2 views

WordPress class-wp-posts-list-table.php cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. A cross-site scripting vulnerability exists in WordPress wp-admin/includes/class-wp-posts-list-table.php, which allows remote attackers...

CVSS: 6.1, AI score: 5.8, EPSS: 0.02874
Exploits: 0, References: 1

OSV
added 2017/02/04 5:59 a.m., 3 views

UBUNTU-CVE-2016-7147

Cross-site scripting (XSS) vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

CVSS: 6.1, AI score: 6.5, EPSS: 0.01342
Exploits: 1, References: 6

OSV
added 2017/01/31 10:59 p.m., 4 views

CVE-2016-9409

Cross-site scripting (XSS) vulnerability in the Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving pruning logs...

CVSS: 6.1, AI score: 5.9
Exploits: 0, References: 4

OSV
added 2017/01/27 12:0 a.m., 1 view

UBUNTU-CVE-2017-5007

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

CVSS: 6.1, AI score: 7, EPSS: 0.02099
Exploits: 1, References: 4

OSV
added 2017/01/27 12:0 a.m., 4 views

UBUNTU-CVE-2017-5010

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

CVSS: 6.1, AI score: 7, EPSS: 0.01198
Exploits: 1, References: 4

RedHat Linux
added 2017/01/26 10:2 p.m., 4 views

chromium-browser: universal xss in blink

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page...

CVSS: 6.1, AI score: 7.5, EPSS: 0.01231
Exploits: 1, References: 5