CVE-2016-6055
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM Referen...
Cross site scripting
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc72741. Known Affected Releases: 6.2.1...
Design/Logic Flaw
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are...
CVE-2017-3844
A vulnerability in exporting functions of the user interface for Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to view file directory listings and download files. Affected Products: Cisco Prime Collaboration Assurance software versions 11.0, 11.1, and 11.5 are...
Cross-site scripting vulnerability in multiple IBM products (CNVD-2017-02280)
IBM Rational Collaborative Lifecycle Management (CLM), etc. are products of IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert (RTC) and Rational Engineering Lifecycle Manager (RELM) are collaborative lifecycle management solutions; Rational DOORS Next Generation (RDNG) is a requirements...
UBUNTU-CVE-2017-5016
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to prevent certain UI elements from being displayed by non-visible pages, which allowed a remote attacker to show certain UI elements on a page they don't control via a crafted HTML page...
KLA10962 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to spoof the user interface, cause a denial of service, and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Inability to prevent alerts from being displayed...
Cisco Secure Access Control System XML External Entity Vulnerability
A vulnerability in the web-based user interface of the Cisco Secure Access Control System (ACS) could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) wh...
Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability occurs because the affected software fails to perform sufficient validation a...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web user interface (UI) in Intel Security ePO 5.1.3, 5.1.2, 5.1.1, and 5.1.0 allows authenticated users to inject malicious JavaScript by bypassing input validation...
CVE-2016-5902
IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2017-1128
IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
IBM Tivoli Key Lifecycle Manager Cross-Site Scripting Vulnerability
IBM Security Key Lifecycle Manager centralizes, simplifies and automates encryption and key management, helping users minimize risk and reduce operational costs. A cross-site scripting vulnerability exists in IBM Tivoli Key Lifecycle Manager versions 2.0.1, 2.5, 2.6, which could allow a remote...
CVE-2016-6096
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
EMC RecoverPoint and EMC RecoverPoint for Virtual Machines Command Injection Vulnerability
EMC RecoverPoint and EMC RecoverPoint for Virtual Machines (VMs) are both products of EMC Corporation. The former is a set of disaster recovery and data protection software, and the latter is a disaster recovery solution for VMware environments. A command injection vulnerability exists in EMC...
CVE-2016-6649
EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for Virtual Machines versions before 5.0 are affected by multiple command injection vulnerabilities where a malicious administrator with configuration privileges may bypass the user interface and escalate his privileges to root...
Cisco Prime Home Web-Based User Interface XML External Entity Vulnerability (cisco-sa-20160921-cph)
A vulnerability in the web-based user interface of Cisco Prime Home could allow an unauthenticated, remote attacker to have read access to part of the information stored in the affected system.
CVE-2016-9704
IBM Security Identity Manager Virtual Appliance is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2016-5881
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2016-5942
IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...