7610 matches found
ManageEngine Firewall Analyzer 7.2 - fwsyslogViewer.do?port Cross-Site Scripting
source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues...
ManageEngine Firewall Analyzer 7.2 - 'fw/mindex.do?url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
ManageEngine Firewall Analyzer 7.2 - 'fw/syslogViewer.do?port' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
ManageEngine Firewall Analyzer 7.2 - 'fw/createAnomaly.do?subTab' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
ManageEngine Firewall Analyzer 7.2 - fwindex2.do Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverag...
EZ Publish 4.x 'ezjscore' Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/52807/info eZ Publish is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
WordPress Plugin Integrator 1.32 - 'redirect_to' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52739/info WordPress Integrator is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context o...
Invision Power Board (IP.Board) 4.2.1 - searchText Cross-Site Scripting
source: https://www.securityfocus.com/bid/52740/info Invision Power Board is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitra...
Zumset.com FbiLike 1.00 - 'id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52720/info FbiLike is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
Event Calendar PHP - 'cal_year' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52701/info Event Calendar PHP is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Event Calendar PHP - cal_year Cross-Site Scripting
source: https://www.securityfocus.com/bid/52701/info Event Calendar PHP is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Minify 2.1.x - 'g' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52672/info Minify is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
CMSimple 3.3 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52661/info CMSimple is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
CVE-2012-1099
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_options_helper.rb in the select helper in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving certain...
Direct Manipulation XSS
Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '' and other methods. This may allow a user to create a specially crafted request that would execute...
EJBCA 4.0.7 - 'issuer' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
Singapore 0.10.1 - 'gallery' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52399/info singapore is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Jenkins vulnerable to cross-site scripting
Overview: Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration (CI) tool. Note that this vulnerability is different from JVN14791558. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Jenkins vulnerable to cross-site scripting
Overview: Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration (CI) tool. Note that this vulnerability is different from JVN79950061. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA...
SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
Overview: The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...