Search results mapped to CWE-79 (7080)

CVE-2017-11355 (Published: 2017-08-02 15:29:00) NP
CVSS 4.3

[Original] Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.

CVE-2017-2285 (Published: 2017-08-02 12:29:00) NM
CVSS 4.3

[Original] Cross-site scripting vulnerability in Simple Custom CSS and JS prior to version 3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2017-2284 (Published: 2017-08-02 12:29:00) NM
CVSS 4.3

[Original] Cross-site scripting vulnerability in Popup Maker prior to version 1.6.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2017-12139 (Published: 2017-08-02 01:29:00) N
CVSS 4.3

[Original] XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.

CVE-2017-12200 (Published: 2017-08-02 01:29:00) N
CVSS 4.3

[Original] The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.

CVE-2017-1500 (Published: 2017-08-01 14:29:00) NMPS
CVSS 4.3

[Original] A Reflected Cross Site Scripting (XSS) vulnerability exists in the authorization function exposed by RESTful Web Api of IBM Worklight Framework 6.1, 6.2, 6.3, 7.0, 7.1, and 8.0. The vulnerable parameter is "scope"; if you set as its value a "realm" not defined in authenticationConfig.xml, you get an HTTP 403 Forbidden response and the value will be reflected in the body of the HTTP response. By setting it to arbitrary JavaScript code it is possible to modify the flow of the authorization function, potentially leading to credential disclosure within a trusted session.
