Cisco Adaptive Security Appliance WebVPN Cross-Site Scripting Vulnerability (CSCve19179)
According to its self-reported version and configuration, the Cisco Adaptive Security Appliance ASA software running on the remote device is affected by a vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA that could allow an authenticated, remote attacke...
IBM Rational Engineering Lifecycle Manager Cross-Site Scripting Vulnerability (CNVD-2017-20937)
IBM Rational Engineering Lifecycle Manager is a suite of engineering lifecycle management software from IBM in the United States. A cross-site scripting vulnerability exists in IBM Rational Engineering Lifecycle Manager. A remote attacker can exploit this vulnerability to execute embedded arbitra...
IBM InfoSphere Streams Cross-Site Scripting Vulnerability
IBM InfoSphere Streams is a suite of data analytics platforms from IBM in the United States. The platform enables user-developed applications to quickly access, analyze and correlate information from multiple real-time sources. A cross-site scripting vulnerability exists in IBM InfoSphere Streams...
CVE-2017-1168
IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
CVE-2017-1431
IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 127632...
IBM Emptoris Supplier Lifecycle Management Cross-Site Scripting Vulnerability (CNVD-2017-22797)
IBM Emptoris Supplier Lifecycle Management is a suite of automated management solutions from IBM USA. The product automates all business processes associated with suppliers. A cross-site scripting vulnerability exists in IBM Emptoris Supplier Lifecycle Management versions 10.0.x through 10.1.x. A...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Remote File Disclosures Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 build 7072.0 build...
A WebSocket Manipulation Proxy: WSSiP
Short for “WebSocket/Socket.io Proxy”, this tool, written in Node.js, provides a user interface to capture, intercept, send custom messages and view all WebSocket and Socket.IO communications between the client and server. Upstream proxy support also means you can forward HTTP/HTTPS traffic to an...
CVE-2017-10013
Vulnerability in the Sun ZFS Storage Appliance Kit AK component of Oracle Sun Systems Products Suite subcomponent: User Interface. The supported version that is affected is AK 2013. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun Z...
KLA11089 XSS vulnerability in Microsoft Sharepoint Server
An XSS (cross-site scripting) vulnerability related to improper sanitizing of web requests was found in Microsoft SharePoint Server. By exploiting this vulnerability, malicious users can spoof the user interface. This vulnerability can be exploited remotely via a specially designed web request...
CVE-2017-6764
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance ASA 9.51 could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
IBM InfoSphere Master Data Management Server Cross-Site Scripting Vulnerability
IBM InfoSphere Master Data Management MDM Server is an American IBM solution for helping organizations manage enterprise-wide master data information about customers, suppliers, products, and accounts. A cross-site scripting vulnerability exists in IBM InfoSphere Master Data Management Server. A...
IBM Content Navigator Cross-Site Scripting Vulnerability
IBM Content Navigator enhances your business processes, improves productivity and increases customer engagement by transforming the way content is accessed, delivered and presented. A cross-site scripting vulnerability exists in IBM Content Navigator, which allows an attacker to embed arbitrary...
Debian Security Advisory DSA 3926-1 (chromium-browser - security update)
Several vulnerabilities have been discovered in the chromium web browser. CVE-2017-5087 Ned Williamson discovered a way to escape the sandbox. CVE-2017-5088 Xiling Gong discovered an out-of-bounds read issue in the v8 javascript library. CVE-2017-5089 Michal Bentkowski discovered a spoofing issue...
CVE-2017-1199
IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...
CloudForms: lack of RBAC on various methods in web UI
CloudForms lacks RBAC controls on certain methods in the rails application portion of CloudForms. An attacker with access could use a variety of methods within the rails applications portion of CloudForms to escalate privileges...
Rspamd Cross-Site Scripting Vulnerability
Rspamd is a fast spam filtering system. The system evaluates and filters spam through regular expressions, statistical analysis and blacklists. A cross-site scripting vulnerability exists in the interface/js/app/history.js file of the WebUI in versions of Rspamd prior to 1.6.3. A remote attacker...
IBM InfoSphere Master Data Management Cross-Site Scripting Vulnerability (CNVD-2017-21239)
IBM InfoSphere Master Data Management MDM is an IBM USA solution for helping organizations manage enterprise-wide master data information about customers, suppliers, products, and accounts. The solution supports the centralization of multiple data domains through three master data usage styles:...
IBM InfoSphere Master Data Management Cross-Site Scripting Vulnerability
IBM InfoSphere Master Data Management MDM is an IBM USA solution for helping organizations manage enterprise-wide master data information about customers, suppliers, products, and accounts. The solution supports the centralization of multiple data domains through three master data usage styles:...