Dolibarr <= 4.0.4 Multiple Vulnerabilities - Active Check

Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; ifdescription...

I, Librarian PDF Manager Command Injection Vulnerability

I, Librarian PDF Manager is an online service that will organize your collection of PDF and office documents. I, Librarian PDF Manager suffers from a command injection vulnerability. An attacker can exploit this vulnerability to inject arbitrary HTML...

Emby MediaServer 3.2.5 Reflected Cross Site Scripting

Emby MediaServer 3.2.5 Reflected XSS Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby formerly Media Browser is a media server designed to organize, play, and stream audio and video to a variety of devices...

CVE-2017-2147

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Palo Alto PAN-OS Cross-Site Scripting Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability that stems from a failure to adequately validate user input. An attacker could use this vulnerability to...

CVE-2017-7391

A Cross-Site Scripting XSS was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of...

CVE-2017-7388

A Cross-Site Scripting XSS was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data token passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

CVE-2017-7388

A Cross-Site Scripting XSS was discovered in 'wallacepos v1.4.1'. The vulnerability exists due to insufficient filtration of user-supplied data token passed to the 'wallacepos-master/myaccount/resetpassword.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

Cross site scripting

Multiple Cross-Site Scripting XSS were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data torrents, size passed to the 'Gazelle-master/sections/tools/managers/multiplefreeleech.php' URL. An attacker could execute arbitrary HTML...

CVE-2017-7250

A Cross-Site Scripting XSS was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data action passed to the 'Gazelle-master/sections/tools/finances/bitcoinbalance.php' URL. An attacker could execute arbitrary HTML and script code in a...

Cross site scripting

A cross-site scripting XSS vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript if MantisBT's CSP settings permit it by modifying 'windowtitle' in the application configuration. This requires privileged access to MantisBT configuration management...

CVE-2017-7222

A cross-site scripting XSS vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript if MantisBT's CSP settings permit it by modifying 'windowtitle' in the application configuration. This requires privileged access to MantisBT configuration management...

CVE-2017-7203

A Cross-Site Scripting XSS was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data postLoginQuery passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and scrip...

CVE-2017-7204

A Cross-Site Scripting XSS was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data name passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

CVE-2017-7205

A Cross-Site Scripting XSS was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data a passed to the "GamePanelX-V3-master/ajax/ajax.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the...

Authorization

An issue was discovered in Open.GL before 2017-03-13. The vulnerability exists due to insufficient filtration of user-supplied data content passed to the "Open.GL-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...

CVE-2017-6538

A Cross-Site Scripting XSS issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data video passed to the webpagetest-master/www/speedindex/index.php URL. An attacker could execute arbitrary HTML and script code in a browser in the conte...

CVE-2017-6539

Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, time passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a...

CVE-2017-6537

A Cross-Site Scripting XSS issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data bgcolor passed to the webpagetest-master/www/video/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context o...

Cross site scripting

A Cross-Site Scripting XSS issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data nyroModalSel passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a...