CVE-2016-1149

Cross-site scripting XSS vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, and CVE-2016-1150...

Apache Solr webapp/web/js/scripts/schema-browser.js cross-site scripting vulnerability

Apache Solr is an enterprise-ready, Lucene-based search server. A cross-site scripting vulnerability exists in webapp/web/js/scripts/schema-browser.js in the Admin UI of Apache Solr versions prior to 5.3. A remote attacker can inject arbitrary web script or HTML via a constructed schema-browse UR...

DEBIAN-CVE-2015-7579

Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...

UBUNTU-CVE-2015-7578

Cross-site scripting XSS vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via crafted tag attributes...

Sauter moduWeb Vision Web Server Cross-Site Scripting Vulnerability

Sauter moduWeb Vision is an embedded web-based SCADA system for HVAC. A cross-site scripting vulnerability exists in the web server of Sauter modoWeb Vision, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain access to...

CloudBees Jenkins CI and LTS Cross-Site Scripting Vulnerability

CloudBees Jenkins CI is a set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . LTS is a long-term support for CloudBees Jenkins CI version . A...

CVE-2016-1305

Cross-site scripting XSS vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module APIC-EM 1.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving HTML entities, aka Bug ID CSCux15511...

CVE-2015-8793

Cross-site scripting XSS vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937...

CVE-2016-1300

Cross-site scripting XSS vulnerability in Cisco Unity Connection UC 10.52.3009 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582...

CVE-2016-0209

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-0209

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-1135

Cross-site scripting XSS vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlie...

Microsoft Exchange Server Cross-Site Scripting Vulnerability (CNVD-2016-00279)

Microsoft Exchange Server is a popular enterprise-class mail server developed by Microsoft. A cross-site scripting vulnerability exists in Microsoft Exchange Server that allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2016-0032

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability."...

CVE-2016-0031

Cross-site scripting XSS vulnerability in Outlook Web Access OWA in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029...

TYPO3 back-end component cross-site scripting vulnerability (CNVD-2016-00179)

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the back-end components of TYPO3 versions 6.2.x before 6.2.16 and 7.x before 7.6.1. A remote attacker can exploit this vulnerabilit...

Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework and Groupmax Collaboration. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official...

PT-2015-7108 · Ipswitch · Ipswitch Whatsup Gold

Name of the Vulnerable Software and Affected Versions: IPSwitch WhatsUp Gold versions prior to 16.4 Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple fields, including 1 an SNMP OID object, 2 an SNMP trap message, 3 the View Names field, 4 the Grou...

CVE-2015-7927

Cross-site scripting XSS vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2015-4998

Cross-site scripting XSS vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different...