6714 matches found
CVE-2016-0265
IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...
Bypassing Device-Resource Restrictions
Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to wait for a certain amount of time for an OnJsPrompt handler return value as an alternative to correct...
BINOM3 Electric Power Quality Meter (Update A)
CVSS v3 10. ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: BINOM3. Equipment: Electric Power Quality Meter. Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery (CSRF), sensitive information stored in clear-text, and weak credentials management...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01082)
Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to validate user input. An attacker could use this vulnerability to execute arbitrary...
Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability
The Cisco NetFlow Generation Appliance is a scalable cost-effective solution for traffic visibility in today's high-performance data centers. A cross-site scripting vulnerability exists in the Cisco NetFlow Generation Appliance that stems from a failure to properly validate user input. An attacke...
b2evolution cross-site scripting vulnerability (CNVD-2017-01089)
b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in b2evolution due to a failure of the program to properly validate user input. An attacker could use this vulnerability to execute arbitrary script...
HP Diagnostics Cross-Site Scripting Vulnerability
HP Diagnostics is a suite of end-to-end application management, monitoring, diagnostic analysis and troubleshooting solutions from Hewlett-Packard. A cross-site scripting vulnerability exists in HP Diagnostics. An attacker can exploit this vulnerability to execute arbitrary script code in a user'...
Olive Diary DX vulnerable to cross-site scripting
Overview: Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter. Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Olive Diary DX. Olive Diary DX is no longer being develop...
Atlassian Confluence HTML Injection Vulnerability
Atlassian Confluence is a professional enterprise knowledge management and collaboration software that can also be used to build enterprise wikis. An HTML injection vulnerability exists in Atlassian Confluence. An attacker can exploit the vulnerability to execute arbitrary script code in the brows...
BitTorrent API Cross-Site Scripting Vulnerability
BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol from the American company BitTorrent. A cross-site scripting vulnerability exists in BitTorrent. An attacker can exploit this vulnerability to execute arbitrary script code in the browser ...
SAP HANA Cockpit Cross-Site Scripting Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions; users can directly query and analyze a large amount of real-time business data. A cross-site scripting vulnerability exists in SAP HANA. As the program fails to properly filter...
Cybozu Garoon vulnerable to cross-site scripting
Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability (CWE-79) due to an issue in the "Messages" function of Cybozu Garoon Keitai. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...
Cisco AsyncOS Software for Email Security Appliances Cross-Site Scripting Vulnerability
Cisco AsyncOS Software for Email Security Appliances (ESA) is a set of operating systems used in Email Security Appliances (ESA) from Cisco USA. A cross-site scripting vulnerability exists in Cisco AsyncOS Software for ESA that stems from a failure to adequately filter user-submitted input. An attack...
CVE-2016-6850
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser...
CVE-2016-6847
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This c...
CVE-2016-5124
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially...
CVE-2016-4045
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed...
CVE-2016-4026
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can...
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...