4577 matches found
Tenable Nessus Cross-Site Scripting Vulnerability (CNVD-2017-00224)
Tenable Network Security Tenable Nessus is an open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in versions of Tenable Network Security Tenable Nessus prior to 6.9.3. A remote attacker can exploit this vulnerability to inject arbitra...
WordPress WooCommerce Plugin Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.WooCommerce is one of the e-commerce plug-ins. A cross-site scripting vulnerability exists in WordPress WooCommerce...
Tiki Wiki CMS Groupware cross-site scripting vulnerability (CNVD-2016-13244)
Tiki Wiki CMS is a suite of open source content management and portal applications from the Tiki software community that can be used to create web applications, portals, corporate intranets, extranets, and more. A cross-site scripting vulnerability exists in forms with the...
EUVD-2016-8136
Cross-site scripting XSS vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206...
UBUNTU-CVE-2016-5191
Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages, as demonstrated by an interpretation confli...
McAfee VirusScan Enterprise Cross-Site Scripting Vulnerability
McAfee VirusScan Enterprise is a suite of antivirus software from the American company McAfee. The software provides a full range of security protection, scans memory for malicious code and optimizes updates for remote systems. A cross-site scripting vulnerability exists in VirusScan Enterprise f...
chromium-browser: universal xss in blink
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
chromium-browser: universal xss in blink
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
Google Chrome Blink Cross-Site Scripting Vulnerability (CNVD-2016-12102)
Google Chrome is a web browser developed by Google Inc. Blink is a browser layout engine rendering engine jointly developed by Google Inc. and Opera Software of Norway. A cross-site scripting vulnerability exists in Blink in versions of Google Chrome prior to 55.0.2883.75. A remote attacker can...
UBUNTU-CVE-2016-5208
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
Piwigo 'search_rules.php' Cross-Site Scripting Vulnerability
Piwigo is a web-based photo album software from the Piwigo team. The software supports photo publishing, management, multiple browsing options categories, tags, time, and more. A cross-site scripting vulnerability exists in the 'search results front end' feature in Piwigo version 2.8.3. A remote...
CVE-2016-2934
Cross-site scripting XSS vulnerability in IBM BigFix Remote Control before 9.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-7251
Cross-site scripting XSS vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability."...
Moodle CMS Cross-Site Scripting Vulnerability
Moodle is an open source course management system CMS, also known as a learning management system LMS. A cross-site scripting vulnerability exists in Moodle CMS 3.1.2 and prior versions. Due to the program failing to adequately filter user-submitted input. Allows remote attackers to inject...
CVE-2016-0246
Cross-site scripting XSS vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
UBUNTU-CVE-2016-5181
Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted execution of v8 microtasks while the DOM was in an inconsistent state, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via crafted HTML pages...
Contenido v4.9.11 - (Backend) Multiple XSS Vulnerabilities
Document Title: =============== Contenido v4.9.11 - Backend Multiple XSS Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1928 Release Date: ============= 2016-10-09 Vulnerability Laboratory ID VL-ID: ====================================...
CVE-2016-6436
Cross-site scripting XSS vulnerability in HostScan Engine 3.0.08062 through 3.1.14018 in the Cisco Host Scan package, as used in ASA Web VPN, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuz14682...
CVE-2016-6425
Cross-site scripting XSS vulnerability in Cisco Unified Intelligence Center CUIC 8.5.4 through 9.11, as used in Unified Contact Center Express 10.01 through 11.01, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCuy75020 and CSCuy81652...
CVE-2016-5061
Multiple cross-site scripting XSS vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPAgent, 2 MacAgent, 3 getExternalURL, or 4 retrieveTrustedUrl page...