862 matches found
Iris ID IrisAccess ICU 7000-2 XSS / Cross Site Request Forgery
Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF Firmware Channel 2: 1.9 Iris TwoPi: 1.4.5 Summary: The...
iBilling 3.7.0 Cross Site Scripting
Cross Site Scripting Stored: http://localhost/ibilling/index.php Parameters: msg, desc, account, phone, company, address, city, state, zip, tags, description, ref POST...
WordPress Titan Framework < 1.6 Multiple XSS Vulnerabilities
The WordPress plugin...
HackerOne: Unintended HTML inclusion as a result of https://hackerone.com/reports/110578
Hi, I was just reading https://hackerone.com/reports/110578 and testing out the changes. I had previously noticed that the editor would take something like: test and turn it into : test In other words, the code would recursively look at what should be the title string and use the first single or...
Microsoft FrontPage Server Extensions Cross Site Scripting (MS06-017: CVE-2006-0015)
A Cross Site Scripting vulnerability exists in Microsoft FrontPage Server Extensions and Microsoft SharePoint Team Services. The vulnerability is caused as a result of the failure of these products to properly validate certain CGI parameters passed to them. This vulnerability allows arbitrary HTM...
R-Scripts VRS 7R Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
PHP Vacation Rental Script version 7R suffers from cross site request forgery and cross site scripting vulnerabilities. R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities Vendor: R-Scripts Product web page: http://www.r-scripts.com Affected version: 7R Summary: PHP Vacation Rental Scri...
RealtyScript v4.0.2 Multiple CSRF And Persistent XSS Vulnerabilities
Summary RealtyScript is award-winning real estate software that makes it effortless for a real estate agent, office, or entrepreneur to be up and running with a real estate web site in minutes. The software is in daily use on thousands of domain names in over 40 countries and has been translated...
Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Oct 2015)
Open-Xchange OX App Suite is prone to multiple vulnerabilities.
Mango Automation 2.6.0 Remote XSS POST Injection Vulnerability
Summary Mango Automation is a flexible SCADA, HMI And Automation software application that allows you to view, log, graph, animate, alarm, and report on data from sensors, equipment, PLCs, databases, webpages, etc. It is easy, affordable, and open source. Description The application is prone to a...
4images 1.7.11 Cross Site Scripting
MGC ALERT 2015-001 - Original release date: September 08, 2015 - Last revised: September 24, 2015 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score I. VULNERABILITY...
rakuto.net hitSuji Cross-Site Scripting Vulnerability
rakuto.net hitSuji is an open source SNS social networking site software. A cross-site scripting vulnerability in rakuto.net hitSuji 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
up.time 7.5.0 XSS And CSRF Add Admin Exploit
Exploit for php platform in category web applications up.time 7.5.0 XSS And CSRF Add Admin Exploit Vendor: Idera Inc. Product web page: http://www.uptimesoftware.com Affected version: 7.5.0 build 16 and 7.4.0 build 13 Summary: The next-generation of IT monitoring software. Desc: The application...
LEMON-S PHP Gazou BBS plus Arbitrary File Upload Vulnerability
LEMON-S PHP Gazou BBS plus is a free PHP-based electronic bulletin board system (BBS). A security vulnerability exists in LEMON-S PHP Gazou BBS plus 2.35 and earlier versions. The vulnerability can be exploited by remote attackers to upload arbitrary HTML documents using specially crafted image fil...
CVE-2015-2974
LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file...
ArticleFR 3.0.6 Multiple Script Injection Vulnerabilities
Summary A lightweight fully featured content article / video management system. Comes with a pluginable and multiple module framework system. Description ArticleFR suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via the POST parameter...
Cross-Site Scripting Vulnerabilities in Multiple ESRI Products
ESRI ArcGIS is a set of geographic information system (GIS) based on SOA architecture from Environmental Systems Research Institute (ESRI), which can share GIS resources such as 2D and 3D maps, address locators, spatial databases, and geoprocessing tools as a service across an enterprise or across th...
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
High-Tech Bridge Security Research Lab discovered vulnerability in qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control ove...
WordPress Yoast 2.1.1 Cross Site Scripting
Info Affects: Yoast Wordpress SEO Plugin Vulnerable Code...
Synology DiskStation Manager XSS Vulnerability
Synology DiskStation Manager is prone to a cross-site scripting (XSS) vulnerability.