Cross site scripting

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...

CVE-2017-8005

The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG products RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identity Management and Governance RSA IMG...

CVE-2017-7391

A Cross-Site Scripting XSS was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of...

CVE-2017-7250

A Cross-Site Scripting XSS was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data action passed to the 'Gazelle-master/sections/tools/finances/bitcoinbalance.php' URL. An attacker could execute arbitrary HTML and script code in a...

Design/Logic Flaw

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI...

CVE-2016-1592

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI...

ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting

Exploit for jsp platform in category web applications !-- ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co.,ltd Product web page: http://www.zkteco.com Affected version: 5.3.12252 Summary: ZKAccess Systems ar...

Microsoft FrontPage Server Extensions Cross Site Scripting (MS06-017: CVE-2006-0015)

A Cross Site Scripting vulnerability exists in Microsoft FrontPage Server Extensions and Microsoft SharePoint Team Services. The vulnerability is caused as a result of the failure of these products to properly validate certain CGI parameters passed to them. This vulnerability allows arbitrary HTM...

4images 1.7.11 Cross Site Scripting

============================================= MGC ALERT 2015-001 - Original release date: September 08, 2015 - Last revised: September 24, 2015 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY...

Nibbleblog 4.0.1 Cross Site Scripting Vulnerability

NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability ============================================= MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...

Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities

Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored xss vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...

SkaDate Lite 2.0 CSRF / Cross Site Scripting

SkaDate Lite 2.0 Mu...

MTP Poll 1.0 - Multiple XSS Vulnerabilities

No description provided by source. ?!-- MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities Vendor: MTP Scripts Product web page: http://www.morephp.net Affected version: 1.0 Summary: More than poll is a polling system with a powerful administration tool. It features: multiple pools,...

BarracudaDrive Multiple XSS Vulnerabilities -01 (Jun 2014)

BarracudaDrive is prone to multiple XSS vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

couponPHP CMS 1.0 - Multiple Stored XSS and SQL Injection Vulnerabilities

couponPHP is vulnerable to multiple Stored XSS and SQL Injection issues. Input passed via the parameters 'iDisplayLength' and 'iDisplayStart' in 'commentspaginate.php' and 'storespaginate.php' scripts are not properly sanitised before being returned to the user or used in SQL queries. This can be...

xt:Commerce VEYTON 4.0.15 (products_name_de) Script Insertion Vulnerability

Exploit for php platform in category web applications xt:Commerce VEYTON 4.0.15 productsnamede Script Insertion Vulnerability form name="XSS" method="POST"...

Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities

This host is running Oracle GlassFish Server and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboracleglassfishservermultvuln.nasl 5956 2017-04-14 09:02:12Z teissa $ Oracle GlassFish Server Multiple XSS and CSRF Vulnerabilities Authors: Sooraj KS Copyright: Copyright c 20...

ArticleSetup Multiple Persistence XSS / SQL Injection Vulnerabilities

Exploit for php platform in category web applications Title : ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities Overview: --------- ArticleSetup Multiple Persistence Cross-Site Scripting and SQL Injection Vulnerabilities. Technical Description:...

Xataface WebAuction and Xataface Librarian DB - Multiple Vulnerabilities

Title : Xataface WebAuction and Xataface Librarian DB Multiple Vulnerabilities. Author : Antu Sanadi SecPod Technologies www.secpod.com Vendor : http://xataface.com/ Advisory : http://secpod.org/blog/?p=350 http://secpod.org/advisories/SECPODXatafaceWebauctionMultVuln.txt Software : Xataface...

MG2 0.5.1 Cross Site Scripting

MG2 0.5.1 Multiple XSS Vulnerabilities Vendor: MiniGal Product web page: http://www.minigal.dk Affected version: 0.5.1 Summary: MG2 is the sequel to the popular image gallery script MiniGal. One of the highlights of MG2 is, that it supports PHP running in safe mode which is unsupported by almost...