CVE-2018-0367

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected service. The vulnerability is due to...

Cisco Registered Envelope Service Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected service. The vulnerability is due to...

Microsoft Edge CVE-2018-8383 Spoofing Vulnerability

Description Microsoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Edge...

Microsoft Edge CVE-2018-8388 Spoofing Vulnerability

Description Microsoft Edge is prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected Microsoft Edge...

MantisBT 2.1.0 - 2.15.0 'View Filters' And 'Edit Filter' Pages XSS Vulnerabilities - Windows

MantisBT is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

MantisBT 2.1.0 - 2.15.0 'View Filters' And 'Edit Filter' Pages XSS Vulnerabilities - Linux

MantisBT is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Apache Axis CVE-2018-8032 Cross-Site Scripting Vulnerability

Description Apache Axis is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CVE-2018-0411

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...

Cisco Unified Communications Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...

Cisco Small Business 300 Series Managed Switches Persistent Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Sx300 Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

Cross site scripting

Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

CVE-2018-0396

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to...

Cross site scripting

A vulnerability in the web framework of the Cisco Unified Communications Manager IM and Presence Service software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Microsoft Internet Explorer CVE-2018-0949 Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass certain security restrictions and perform unauthorized actions. This may lead to other attacks. Internet Explorer 9, 10 and 11 are vulnerable...

CVE-2018-1355

An open redirect vulnerability in Fortinet FortiManager 6.0.0, 5.6.5 and below versions, FortiAnalyzer 6.0.0, 5.6.5 and below versions allows attacker to inject script code during converting a HTML table to a PDF document under the FortiView feature. An attacker may be able to social engineer an...

CVE-2018-1355

CVE-2018-1355 is an open-redirect vulnerability in Fortinet FortiManager/FortiAnalyzer (affected: FortiManager 6.0.0 and earlier; FortiAnalyzer 6.0.0 and earlier) exploited via FortiView HTML-table-to-PDF conversion. It allows an attacker to inject script URLs into a generated PDF, potentially vi...

GhostMail - (Status Message) Persistent Web Vulnerability

Document Title: =============== GhostMail - Status Message Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1470 Release Date: ============= 2018-06-27 Vulnerability Laboratory ID VL-ID: ==================================== 14...

EMS Master Calendar Cross-Site Scripting Vulnerability

EMS Master Calendar is a schedule management system from EMS Software, USA. The system provides instant access to dates and locations. A cross-site scripting vulnerability exists in versions prior to EMS Master Calendar 8.0.0.201805210, where the program fails to properly filter user-submitted...