4584 matches found
CVE-2015-0724
Multiple cross-site scripting XSS vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a 1 GET or 2 POST request, aka Bug ID CSCur25604...
Fortinet FortiAnalyzer 'sql-query' Cross-Site Scripting Vulnerability
Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The solution is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...
Dokeos 'forum' and 'origin' cross-site scripting vulnerabilities
Dokeos is an open source online education and course management system . The system supports file uploading , courseware production , notification and other teaching support functions. Dokeos 1.8.4 and previous versions of cross-site scripting vulnerabilities , the vulnerability stems from...
IBM WebSphere MQ XR WebSockets Listener Cross-Site Scripting Vulnerability
IBM WebSphere MQ is a messaging middleware product that provides a reliable and proven messaging backbone for Service Oriented Architecture SOA. A cross-site scripting vulnerability in IBM WebSphere MQ XR WebSockets Listener allows remote attackers to exploit the vulnerability to inject malicious...
Drupal Cloudwords for Multilingual Drupal module cross-site scripting vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. cloudwords for Multilingual Drupal is one of the modules that provides multiple language translations. A cross-site scripting vulnerability exists in the Drupal Cloudwords for...
Cisco Unified MeetingPlace Cross-Site Scripting Vulnerability (CNVD-2015-02651)
Cisco Unified MeetingPlace is the United States Cisco Cisco company's set of multimedia conferencing solutions. The solution provides a user environment that integrates voice, video and Web conferencing. A cross-site scripting vulnerability exists in the Web management interface of Cisco Unified...
Adobe ColdFusion suffers from an unspecified cross-site scripting vulnerability (CNVD-2015-02633)
Adobe ColdFusion is a dynamic Web server , its CFML is a programming language , similar to the current JSP in the JSTL. Adobe ColdFusion has an unspecified cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which c...
Kemp Virtual LoadMaster /progs/geoctrl/doadd fqdn stored cross-site scripting vulnerability
Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster /progs/geoctrl/doadd handles the fqdn parameter cross-site scripting vulnerability, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...
MediaWiki cross-site scripting vulnerability (CNVD-2015-02416)
MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in the Html class of MediaWiki. When the program uses a language variant, a remote attacker can exploit the vulnerability by replacing strings with LanguageConverter to inject arbitrary web script or HTML...
DEBIAN-CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
DEBIAN-CVE-2015-2934
MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...
DEBIAN-CVE-2015-2933
Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...
DEBIAN-CVE-2015-2932
Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element...
DEBIAN-CVE-2015-2931
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...
CVE-2015-2931
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...
UBUNTU-CVE-2015-2931
Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI...
UBUNTU-CVE-2015-2939
Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...
Multiple Cross-Site Scripting Vulnerabilities in IBM Business Process Manager
IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in Proce...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-01946)
IBM Business Process Manager BPM is a comprehensive set of business process management platforms from IBM in the U.S. It provides a range of tools related to business process modeling, assembly, monitoring, and deployment.WebSphere Lombardi Edition WLE is the predecessor of the BPM product. A...
IBM Rational DOORS Next Generation and Rational Requirements Composer Cross-Site Scripting Vulnerability
IBM Rational DOORS Next Generation and Rational Requirements Composer are both requirements management solutions from IBM USA. The solutions are primarily used to define, manage, and report on requirements throughout the project lifecycle. A cross-site scripting vulnerability exists in IBM Ration...