63870 matches found
Odoo <= 8.0-20160726 & 9.0 - Open Redirect
An Open Redirect vulnerability in Odoo versions = 8.0-20160726 and 9.0. This issue allows an attacker to redirect users to untrusted sites via a crafted URL. id: CVE-2017-5871 info: name: Odoo = 8.0-20160726 & 9.0 - Open Redirect author: 1337rokudenashi severity: medium description: | An Open...
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN. id: CVE-2017-3133 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddha severity:...
Fortinet FortiOS < 5.6.0 - Cross-Site Scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken. id: CVE-2017-3132 info: name: Fortinet FortiOS 5.6.0 - Cross-Site Scripting author: ritikchaddh...
Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18517 info: name: Pinterest by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues...
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local File Inclusion
Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 is susceptible to local file inclusion in public/examples/resources/getsource.php. This could allow remote attackers to read arbitrary files via the file parameter. id: CVE-2017-15363 info: name: Luracast Restler 3.0.1 via TYPO3 Restler 1.7.1 - Local...
SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...
PromoBar by BestWebSoft < 1.1.1 - Cross-Site Scripting
The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18529 info: name: PromoBar by BestWebSoft 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. impact: |...
WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting
WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/addcollectionajaxprocessor.jsp via the collectionName or parentPath parameter. id: CVE-2017-14651 info: name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting author: mass0ma severity: medium...
DokuWiki - Cross-Site Scripting
DokuWiki through 2017-02-19b contains a cross-site scripting vulnerability in the DATEAT parameter to doku.php which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
Django Debug Page - Cross-Site Scripting
Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5 has HTML autoescaping disabled in a portion of the template for the technical 500 debug page. We detected that right circumstances DEBUG=True are present to allow a cross-site scripting attack. id: CVE-2017-12794 info: name: Django Debug Page -...
NETGEAR Routers - Authentication Bypass
NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices are susceptible to authentication bypass via simple crafted requests to the web management server. id: CVE-2017-5521 info: name: NETGEAR Routers - Authentication Bypass...
KMCIS CaseAware - Cross-Site Scripting
KMCIS CaseAware contains a reflected cross-site scripting vulnerability via the user parameter transmitted in the login.php query string. id: CVE-2017-5631 info: name: KMCIS CaseAware - Cross-Site Scripting author: edoardottt severity: medium description: KMCIS CaseAware contains a reflected...
WordPress Qards - Cross-Site Scripting
WordPress Qards through 2017-10-11 contains a cross-site scripting vulnerability via a remote document specified in the URL parameter to html2canvasproxy.php. id: CVE-2017-18598 info: name: WordPress Qards - Cross-Site Scripting author: pussycat0x severity: medium description: WordPress Qards...
BOA Web Server 0.94.14 - Arbitrary File Access
BOA Web Server 0.94.14 is susceptible to arbitrary file access. The server allows the injection of "../.." using the FILECAMERA variable sent by GET to read files with root privileges and without using access credentials. id: CVE-2017-9833 info: name: BOA Web Server 0.94.14 - Arbitrary File Acces...
McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting
McAfee Network Data Loss Prevention User-Agent 9.3.x contains a cross-site scripting vulnerability which allows remote attackers to get session/cookie information via modification of the HTTP request. id: CVE-2017-4011 info: name: McAfee Network Data Loss Prevention 9.3.x - Cross-Site Scripting...
Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting
The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...
OpenDreambox 2.0.0 - Remote Code Execution
OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers can execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI in enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py. id: CVE-2017-14135 info: nam...
Laravel <5.5.21 - Information Disclosure
Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in...
WordPress Mailster <=1.5.4 - Cross-Site Scripting
WordPress Mailster 1.5.4 and before contains a cross-site scripting vulnerability in the unsubscribe handler via the mes parameter to view/subscription/unsubscribe2.php. id: CVE-2017-17451 info: name: WordPress Mailster =1.5.5 which includes a fix for this vulnerability. reference: -...