映射到 CWE-79 的搜索结果 (7330)

CVE-2017-1164(发布:2017-10-25 08:29:00)NMPS
CVSS3.5

[原文]IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123036.

CVE-2017-1209(发布:2017-10-24 17:29:00)NMS
CVSS3.5

[原文]IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 123849.

CVE-2016-3049(发布:2017-10-24 17:29:00)NMS
CVSS3.5

[原文]IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 114712.

CVE-2011-4333(发布:2017-10-23 14:29:00)NMO
CVSS4.3

[原文]Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) from parameter to index.php or the (2) page_no parameter to recentchanges.php.

CVE-2012-4567(发布:2017-10-23 14:29:00)NMCS
CVSS4.3

[CNNVD]LetoDMS 多个跨站脚本漏洞和SQL注入漏洞--LetoDMS早期版本至3.3.8版本中存在多个跨站脚本漏洞和SQL注入漏洞,这些漏洞源于没有充分验证用户提供的数据。攻击者利用这些漏洞窃取cookie认证证书,控制应用程序,访问或修改数据,或利用底层数据库中潜在的漏洞。

CVE-2012-4569(发布:2017-10-23 14:29:00)NMCS
CVSS4.3

[CNNVD]LetoDMS 多个跨站脚本漏洞--LetoDMS早期版本至3.3.9版本中存在多个跨站脚本漏洞,这些漏洞源于没有正确验证用户提供的输入。攻击者利用这些漏洞在受影响站点上下文中不知情用户浏览器中执行任意脚本代码。窃取基于cookie认证证书并发起其他攻击。

首页上一页23456789下一页尾页 第4页 / 共1222页

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站