映射到 CWE-79 的搜索结果 (7330)

CVE-2012-4377(发布:2017-10-26 16:29:00)NMCOS
CVSS4.3

[CNNVD]MediaWiki 跨站脚本漏洞--MediaWiki是一个自由、免费、内容开放的百科全书协作计划。 MediaWiki早期版本至1.18.5版本和1.19.2版本中存在跨站脚本漏洞,该漏洞源于通过File::link传递给不存在图像的输入在使用之前缺少过滤。攻击者可利用该洞窃取基于cookie的认证证书,执行未授权操作,或绕过某些安...

CVE-2012-4378(发布:2017-10-26 16:29:00)NMCO
CVSS4.3

[CNNVD]MediaWiki "uselang"参数跨站脚本漏洞--MediaWiki是一个自由、免费、内容开放的百科全书协作计划。 MediaWiki早期版本至1.18.5版本和1.19.2版本中存在跨站脚本漏洞,该漏洞源于通过"uselang"参数传递给index.php的输入在通过某些工具返回给用户之前缺少过滤。攻击者可利用这些漏洞窃取基于cookie的认证证...

CVE-2017-7732(发布:2017-10-26 09:29:00)NMS
CVSS4.3

[原文]A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail 5.1 and earlier, 5.2.0 through 5.2.9, and 5.3.0 through 5.3.9 customized pre-authentication webmail login page allows attacker to inject arbitrary web script or HTML via crafted HTTP requests.

CVE-2017-7335(发布:2017-10-26 09:29:00)NMS
CVSS3.5

[原文]A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-sanitized parameters "refresh" and "branchtotable" present in HTTP POST requests.

CVE-2017-1363(发布:2017-10-25 08:29:00)NMS
CVSS3.5

[原文]IBM Team Concert (RTC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 126856.

CVE-2017-1169(发布:2017-10-25 08:29:00)NMPS
CVSS3.5

[原文]IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123188.

首页上一页12345678下一页尾页 第3页 / 共1222页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站