
224 matches found

Prion
added 2023/05/10 8:15 p.m. · 13 views

Cross site scripting

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...

CVSS 4.9 · AI score 5.7 · EPSS 0.0027
Exploits: 0 · References: 2 · Affected Software: 10

Cvelist
added 2023/05/10 7:22 p.m. · 13 views

CVE-2023-31155 Improper Neutralization of Input During Web Page Generation

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote authenticated attacker to inject and execute arbitrary script code. See SEL...

CVSS 4.3 · AI score 5.9 · EPSS 0.0027
Exploits: 0 · References: 2

Tenable Nessus
added 2023/01/25 12:0 a.m. · 23 views

Siemens SCALANCE X Switches Improper Neutralization of Input During Web Page Generation (CVE-2018-4842)

A vulnerability has been identified in SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.4.1, SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.3. A remote, authenticated attacker with...

CVSS 4.8 · AI score 6 · EPSS 0.00198
Exploits: 0 · References: 4

NVD
added 2022/11/15 9:15 p.m. · 19 views

CVE-2022-20872

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due t...

CVSS 4.8 · EPSS 0.00168
Exploits: 0 · References: 1

NVD
added 2022/01/14 5:15 a.m. · 7 views

CVE-2022-20645

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVSS 6.1 · EPSS 0.00153
Exploits: 0 · References: 1

Vulnrichment
added 2022/01/14 5:5 a.m. · 8 views

CVE-2022-20639 Cisco Security Manager Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the...

CVSS 6.1 · AI score 6.7 · EPSS 0.00173
Exploits: 0 · References: 1

CNVD
added 2021/07/09 12:0 a.m. · 6 views

Cisco Virtualized Voice Browser Cross-Site Scripting Vulnerability

Cisco Virtualized Voice Browser is a virtualized voice browser application from Cisco, Inc. It suffers from a cross-site scripting vulnerability that originates from the web administrative interface not properly validating user-supplied input. An attacker could...

CVSS 6.1 · AI score 6.5 · EPSS 0.00438
Exploits: 0 · References: 1

Positive Technologies
added 2020/02/05 12:0 a.m. · 3 views

PT-2020-1882 · Cisco · Cisco Dna Center

Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software versions prior to 1.3.0.6; Cisco DNA Center Software versions prior to 1.3.1.4. Description: The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affect...

CVSS 7.3 · AI score 5.4 · EPSS 0.00637
Exploits: 5 · References: 9

Symantec
added 2019/02/12 12:0 a.m. · 200 views

Microsoft SharePoint Server CVE-2019-0670 Spoofing Vulnerability

Description: Microsoft SharePoint Server is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected: Microsoft...

AI score 0.4 · EPSS 0.00774
Exploits: 0 · Affected Software: 2

Symantec
added 2019/02/12 12:0 a.m. · 49 views

Microsoft Team Foundation Server CVE-2019-0742 Cross Site Scripting Vulnerability

Description: Microsoft Team Foundation Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to insert and display spoofed content and to execute arbitrary script code in the browser of an unsuspecting...

AI score 6.1 · EPSS 0.00835
Exploits: 0 · Affected Software: 1

seebug.org
added 2018/05/16 12:0 a.m. · 132 views

DHCP Client Script Code Execution Vulnerability (CVE-2018-1111)

Red Hat has been made aware of a command injection flaw found in a script included in the DHCP client dhclient packages in Red Hat Enterprise Linux 6 and 7. A malicious DHCP server, or an attacker on the local network able to spoof DHCP responses, could use this flaw to execute arbitrary commands...

AI score 0.6 · EPSS 0.88233
Exploits: 14

seebug.org
added 2017/12/29 12:0 a.m. · 23 views

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary: Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...

AI score 6.8
Exploits: 0

Symantec
added 2017/07/11 12:0 a.m. · 36 views

Microsoft Internet Explorer and Edge CVE-2017-8602 Spoofing Vulnerability

Description: Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

CVSS 4.3 · AI score 6.8 · EPSS 0.27181
Exploits: 0 · Affected Software: 1

CNVD
added 2017/06/21 12:0 a.m. · 9 views

Python Tablib Arbitrary Command Execution Vulnerability

Tablib is a Python library related to tabular format data that allows importing, exporting, and managing tabular format data. An arbitrary command execution vulnerability exists in Python Tablib version 0.11.4, which allows an attacker to execute arbitrary script code in the context of an affecte...

CVSS 9.8 · AI score 7.8 · EPSS 0.01427
Exploits: 2 · References: 1

Symantec
added 2017/05/09 12:0 a.m. · 29 views

Microsoft Internet Explorer and Edge CVE-2017-0231 Spoofing Vulnerability

Description: Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

CVSS 4.3 · AI score 6.6 · EPSS 0.08539
Exploits: 0 · Affected Software: 1

Symantec
added 2017/03/14 12:0 a.m. · 25 views

Microsoft Internet Explorer and Edge CVE-2017-0033 Spoofing Vulnerability

Description: Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

CVSS 4.3 · AI score 6.1 · EPSS 0.10334
Exploits: 1 · Affected Software: 1

CVE
added 2017/03/02 6:0 a.m. · 41 views

CVE-2017-6390

CVE-2017-6390 impacts whatanime.ga due to insufficient filtration of user-supplied data passed to the path “whatanime.ga-master/index.php”. The connected CNVD entry describes a cross-site scripting vulnerability where an attacker can cause arbitrary HTML/JavaScript to execute in a browser con...

CVSS 6.1 · AI score 6.3 · EPSS 0.00284
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2016/12/15 6:59 a.m. · 13 views

CVE-2016-6844

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within SVG files is maintained when opening such files "in browser" based on our Mail or Drive app. In case of "a" tags, this may include link targets with base64 encoded "data" references. Malicious script code c...

CVSS 6.1 · AI score 6.3 · EPSS 0.00265
Exploits: 0 · References: 2

NVD
added 2016/12/15 6:59 a.m. · 13 views

CVE-2016-5124

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially...

CVSS 6.1 · AI score 6.3 · EPSS 0.00462
Exploits: 1 · References: 4

Prion
added 2016/12/15 6:59 a.m. · 21 views

Design/Logic Flaw

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can...

CVSS 4.3 · AI score 7 · EPSS 0.00211
Exploits: 1 · References: 2 · Affected Software: 1