4577 matches found
PT-2016-6143 · Pulse · Pulse Connect Secure
Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure PCS versions 7.4 through 7.4r13.3 Pulse Connect Secure PCS versions 8.0 through 8.0r8 Pulse Connect Secure PCS versions 8.1 through 8.1r1 Pulse Connect Secure PCS versions 8.2 through 8.2r0 Description: A cross-site...
CVE-2016-4575
Cross-site scripting XSS vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before...
WordPress Cross-Site Scripting Vulnerability (CNVD-2016-03647)
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Software Foundation. A cross-site scripting vulnerability exists in the wp-includes/wp-db.php file in versions of WordPress prior to 4.2.2, which can be exploited by remote attackers to inject arbitrary web...
CVE-2016-2153
Cross-site scripting XSS vulnerability in the advanced-search feature in moddata in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as...
CVE-2016-4567
Cross-site scripting XSS vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."...
CVE-2016-1564
Multiple cross-site scripting XSS vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a 1 stylesheet name or 2 template name to wp-admin/customize.php...
UBUNTU-CVE-2016-4566
Cross-site scripting XSS vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution SOME attack...
UBUNTU-CVE-2016-1564
Multiple cross-site scripting XSS vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a 1 stylesheet name or 2 template name to wp-admin/customize.php...
Wordpress Scoreme Theme Cross-Site Scripting Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports in PHP and MySQL servers to set up a personal blog site.ScoreMe is a plugin for WordPress. A cross-site scripting vulnerability exists in Wordpress Scoreme Theme. A...
PT-2017-7998 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 5 affected versions not specified Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The affected API...
IBM Marketing Platform Cross-Site Scripting Vulnerability
IBM Marketing Platform is a suite of marketing platforms from IBM in the United States. The platform supports marketers in leveraging and analyzing customer interactions on websites, cell phones and social media to deliver targeted marketing campaigns to customers. A cross-site scripting...
ikiwiki cross-site scripting vulnerability (CNVD-2016-03223)
Ikiwiki is a wiki compiler that supports the conversion of wiki pages into HTML pages for web publishing. A cross-site scripting vulnerability exists in the 'cgierror' function in Ikiwiki's CGI.pm file, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML...
CVE-2016-2350
Multiple cross-site scripting XSS vulnerabilities on the Accellion File Transfer Appliance FTA before FTA91240 allow remote attackers to inject arbitrary web script or HTML via unspecified input to 1 getimageajax.php, 2 movepartitionframe.html, or 3 wmInfo.html...
CVE-2016-0901
Cross-site scripting XSS vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900...
Secure Item Hub Persistent Input Validation Vulnerability
Secure Item Hub app is able to transfer files between iphone or ipad and computer on the same wifi network. A persistent input validation vulnerability exists in Secure Item Hub, which could allow a remote attacker to inject malicious persistent script code on the application side of the mobile a...
CVE-2016-3126
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2016-1918
Cross-site scripting XSS vulnerability in the Management Console in BlackBerry Enterprise Server BES 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917...
CVE-2016-1652
Cross-site scripting XSS vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS...
SilverStripe CMS & Framework Cross-Site Scripting Vulnerability
SilverStripe CMS & Framework is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. A cross-site scripting vulnerability exists in SilverStripe CMS & Framework versions prior to 3.1.16 and 3.2.x prior to 3.2.1, which can be exploited by...
CVE-2016-4016
Cross-site scripting XSS vulnerability in SAP Manufacturing Integration and Intelligence aka MII, formerly xMII 15 allows remote attackers to inject arbitrary web script or HTML via the title parameter to webdynpro/resources/sap.com/xappsxmiiuiadminnavigation/NavigationApplication, aka SAP Securi...