Drupal OSF for Drupal Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. osf for Drupal is one of the middle-tier modules that allows customization tools and data display for internally structured data RDF and related vocabularies ontologies. A cross-site...

Research Artisan Lite vulnerable to cross-site scripting

Overview Research Artisan Lite provided by Research Artisan Project is an access analysis tool. Research Artisan Lite contains multiple cross-site scripting vulnerabilities CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

IPython JSON Error Response Cross-Site Scripting Vulnerability

IPython is an enhanced version of Python's native interactive shell. IPython suffers from cross-site scripting vulnerabilities that could be exploited by attackers to execute arbitrary script code in the context of an affected website in a browser without the user's knowledge. This could allow an...

IBM InfoSphere Master Data Management Collaborative Cross-Site Scripting Vulnerability

IBM InfoSphere Master Data Management MDM Collaborative is a suite of collaborative editing solutions for Product Information Management PIM from IBM USA. A cross-site scripting vulnerability exists in IBM InfoSphere MDM Collaborative. When a user browses the affected site, their browser will...

D-Link DSL-500B Gen 2 - URL Filter Configuration Panel Persistent Cross-Site Scripting

!/usr/bin/perl Date dd-mm-aaaa: 13-02-2015 Exploit for D-Link DSL-500B G2 Cross Site Scripting XSS Injection Stored in todmngr.tod URL Filter Developed by Mauricio Corrêa XLabs Information Security WebSite: www.xlabs.com.br CAUTION! This exploit disables some features of the modem, forcing the...

SnipSnap 'query' parameter cross-site scripting vulnerability

SnipSnap is a free java written and easy to install webBlog and wiki tools. A cross-site scripting vulnerability exists in the SnipSnap 'query' parameter due to the program failing to properly process user-supplied input. This allows an attacker to steal cookie-based authentication credentials an...

Multiple Cross-Site Scripting Vulnerabilities in Ansible Tower

Ansible is simple configuration management, deployment, task execution, and multi-node authoring framework. Ansible Tower has multiple cross-site scripting vulnerabilities because it fails to properly filter user-supplied input. An attacker could potentially exploit these vulnerabilities to execu...

Grayscale BandSite CMS 1.1 pastshows_content.php the_band Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive informatio...

Cybozu Dezie vulnerable to cross-site scripting

Overview Cybozu Dezie provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the web browser o...

Cerb Multiple Vulnerabilities

The version of Cerb installed on the remote host is earlier than 6.2.5. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in that the application does not validate input passed via HTML email attachments, making it vulnerable to XSS. An attacker could exploit this issue to...

Documents Pro (formerly Files HD) vulnerable to cross-site scripting

Overview Documents Pro provided by Olive Toast Software Ltd. contains a cross-site scripting vulnerability. Documents Pro provided by Olive Toast Software Ltd. is a document viewer for iOS devices. Documents Pro contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd. report...

OSQA vulnerable to cross-site scripting

Overview OSQA The Open Source Q system contains a cross-site scripting vulnerability. OSQA is an open source question and answer system. OSQA contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...

Tor Browser Bundle for Linux (2.2.35-8) "EVIL bug"

"There is an EVIL bug in at least the Linux 2.2.35-8 Tor Browser Bundle start-tor-browser script. It will log things like domain names to a file in the root of the browser bundle." https://trac.torproject.org/projects/tor/ticket/5417 Ticket 5417 new defect RelativeLink.sh in Tor browser bundle ha...

Redmine vulnerable to cross-site scripting

Overview Redmine contains a cross-site scripting vulnerability. Redmine is a project management software. Redmine contains a cross-site scripting vulnerability. Kousuke Ebihara reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Cogent DataHub vulnerable to cross-site scripting

Overview Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability. Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center ICST, Taiwan R.O.C. reported this vulnerability to JPCERT/CC...

TornadoStore 1.4.3 - SQL Injection / HTML Injection

source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify dat...

SendStudio 4.0.1 - Cross-Site Scripting / Security Bypass

source: https://www.securityfocus.com/bid/37554/info SendStudio also called Email Marketer is prone to a cross-site scripting issue and a security-bypass issue. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

WX-Guestbook 1.1.208 - SQL Injection HTML Injection

WX-Guestbook 1.1.208 - SQL Injection HTML Injection source: https://www.securityfocus.com/bid/41741/info WX-Guestbook is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage thes...

Woodstock 4.2 404 - Error Page Cross-Site Scripting

source: https://www.securityfocus.com/bid/34829/info Woodstock is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Mandriva Update for desktop-common-data MDKA-2007:042 (desktop-common-data)

Check for the Version of desktop-common-data OpenVAS Vulnerability Test Mandriva Update for desktop-common-data MDKA-2007:042 desktop-common-data Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...