Moodle 2.5.x < 2.5.7 / 2.6.x < 2.6.4 / 2.7.x < 2.7.1 XSS
Balero CMS 0.7.2 - Multiple JSHTML Injection Vulnerabilities
document.cookie="counter=1confirm'XSS'; path=/balerocms/"; csrf+stored xss+filter bypass+session hijack: document.location="http://www.zeroscience.mk/pent...
GeniXCMS 0.0.1 Cross Site Scripting
GeniXCMS v0.0.1 Persistent Script Insertion Vulnerability Vendor: MetalGenix Product web page: http://www.genixcms.org Affected version: 0.0.1 Summary: GenixCMS is a PHP Based Content Management System and Framework CMSF. It's a simple and lightweight of CMSF. Very suitable for Intermediate PHP...
Loxone Smart Home Multiple Cross-Site Scripting Vulnerabilities
Loxone Smart Home is a web-based application. Multiple cross-site scripting vulnerabilities in Loxone Smart Home could be exploited by an attacker to execute arbitrary HTML and script code within the context of the affected application...
WordPress April's Super Functions Pack Plugin Cross Site Scripting Vulnerability
WordPress Photocrati Theme 'prod_id' XSS Vulnerability
The WordPress theme Photocrati is prone to a cross-site scripting (XSS) vulnerability.
CMS PHPKit WCMS 1.6.6 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Advisory ID: SROEADV-2014-07 Author: Steffen Rösemann Affected Software: CMS PHPKit WCMS v. 1.6.6 Build: 1660014 Vendor URL: http://www.phpkit.com/de/ Vendor Status: did not respond to issue CVE-ID: - ==========================...
Nibbleblog 4.0.1 Cross Site Scripting Vulnerability
NibbleBlog versions 4.0.1 and below suffer from a cross site scripting vulnerability ============================================= MGC ALERT 2014-002 - Original release date: March 5, 2014 - Last revised: November 17, 2014 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score...
Pandora FMS 5.1SP1 Cross Site Scripting Vulnerability
Pandora FMS version 5.1SP1 suffers from a cross site scripting vulnerability. I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all...
Croogo 2.0.0 - Multiple Stored XSS Vulnerabilities
No description provided by source. Croogo 2.0.0 Multiple Stored XSS Vulnerabilities Vendor: Fahad Ibnay Heylaal Product web page: http://www.croogo.org Affected version: 2.0.0 Summary: Croogo is a free, open source, content management system for PHP, released under The MIT License. It is powered...
Nordex NC2 'username' Parameter Cross Site Scripting Vulnerability
Nordex NC2 is prone to a cross-site scripting (XSS) vulnerability.
WordPress Web Dorado Spider Video Player XSS Vulnerability
ASP.NET MVC Security Feature Bypass Vulnerability (2990942)
This host is missing an important security update according to Microsoft Bulletin MS14-059.
Exinda WAN Optimization Suite 7.0.0 CSRF / XSS
I. VULNERABILITY ------------------------- XSS Reflected vulnerabilities and CSRF in Exinda WAN Optimization Suite II. BACKGROUND ------------------------- WAN Optimization Suite integrates enterprise-caliber bandwidth acceleration and optimization with best-in-class application network visibilit...
WordPress Login Widget With Shortcode Plugin 3.1.1 - Multiple Vulnerabilities
Login Widget With Shortcode plugin is prone to CSRF and XSS vulnerabilities that allow an attacker to insert arbitrary HTML into an admin page. Then an attacker can use JavaScript to control an admin user’s browser and create user accounts, posts, etc. Solution Update the plugin...
WordPress Login Widget With Shortcode 3.1.1 CSRF / XSS Vulnerabilities
WordPress Login Widget With Shortcode plugin version 3.1.1 suffers from cross site request forgery and cross site scripting vulnerabilities. Details ================ Software: Login Widget With Shortcode Version: 3.1.1 Homepage: http://wordpress.org/plugins/login-sidebar-widget/ Advisory report:...
Cart Engine 3.0 XSS / Open Redirect / SQL Injection
=== Details === Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/ Affected Product: Cart Engine Version: 3.0 === Executive Summary === SQL Injection: Using a specially crafted HTTP request, it is possible to exploi...
RiverBed Stingray Traffic Manager 9.6 Cross Site Scripting
I. VULNERABILITY ------------------------- XSS Reflected vulnerability in RiverBed Stingray Traffic Manager Virtual Appliance V 9.6 II. BACKGROUND ------------------------- Silver Peak VX software marries the cost and flexibility benefits of virtualization with the performance gains associated wi...
Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities
Oxwall version 1.7.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...
SkaDate Lite 2.0 - Multiple CSRF And Persistent XSS Vulnerabilities
SkaDate Lite version 2.0 suffers from multiple cross-site request forgery and stored XSS vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with...