5207 matches found
CVE-2018-12104
Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...
CVE-2018-12104
Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...
CVE-2018-12104
Airbnb Knowledge Repo 0.7.4 is reported vulnerable to Cross-site Scripting (XSS) via the post comments functionality (post/posts/new_report.kp). The root cause is improper input validation in the comments feature, as cited by Veracode (improper user input validation) and OSV entries noting the is...
CVE-2018-12104
Cross-site scripting XSS vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...
Joomla! Component jDownloads Cross-Site Scripting Vulnerability
Joomla! is the U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other functions . jDownloads is Joomla! A cross-site scripting vulnerability exists in Joomla! Component jDownloads. Allows remote attackers to...
CVE-2017-9786
CVE-2017-9786 is a Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca. The flaw allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and ...
Ubuntu 14.04 LTS / 16.04 LTS : Mailman vulnerability (USN-3563-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3563-1 advisory. It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code. Tenable has...
USN-3563-1: Mailman vulnerability
It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code...
USN-3563-1 mailman vulnerability
It was discovered that Mailman incorrectly handled certain web scripts. An attacker could possibly use this to inject arbitrary code...
CVE-2017-12072
Cross-site scripting XSS vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter...
CVE-2017-12072
Cross-site scripting XSS vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter...
Ubuntu 14.04 LTS / 16.04 LTS : Werkzeug vulnerability (USN-3463-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3463-1 advisory. It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field tha...
USN-3463-1: Werkzeug vulnerability
It was discovered that Werkzeug did not properly handle certain web scripts. A remote attacker could use this to inject arbitrary code via a field that contains an exception message...
CVE-2017-1000065
Multiple Cross-site scripting XSS vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights ManagementUsers functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser...
CVE-2017-1000065
Multiple Cross-site scripting XSS vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights ManagementUsers functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser...
CVE-2017-1000065
Multiple Cross-site scripting XSS vulnerabilities in rpc.php in OpenMediaVault release 2.1 in Access Rights ManagementUsers functionality allows attackers to inject arbitrary web scripts and execute malicious scripts within an authenticated client's browser...
Subsonic Cross-Site Scripting Vulnerability
Subsonic is a media streaming server that allows users to save music or collect videos on the server. Subsonic suffers from a cross-site scripting vulnerability. A remote attacker could use this vulnerability to persistently inject arbitrary web script or HTML via the name of an uploaded image...
CVE-2017-2171
Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior ...
CVE-2016-4858
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light...