61 matches found
The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.
The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...
Cross-site Scripting (XSS)
Overview: docsify is a magical documentation site generator. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Docsify.js uses fragment identifiers (parameters after the # sign) to load resources from server-side .md files. Due to lack of validation here, it is possible to...
Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie
Summary: A remote attacker is able to obtain sensitive information because of the failure to set the HttpOnly and Secure attributes in the cookie. This allows an attacker to intercept the transmission and obtain information from the cookie in clear text. Vulnerability Details: CVEID: CVE-2019-4214...
Limesurvey Information Disclosure Vulnerability (CNVD-2019-31189)
LimeSurvey (formerly known as PHPSurveyor) is an open source online questionnaire survey program from the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. A security vulnerability exists in Limesurvey versions prior to 3.17.14. An...
eZ Platform Admin UI Cross-Site Scripting Vulnerability
eZ Platform is an open source enterprise content management system (CMS). Admin UI is one of its back-end management interfaces. A cross-site scripting vulnerability exists in the Admin UI in eZ Platform version 2.x, which can be exploited by an attacker to execute client-side code...
Barracuda Cloud ESS 2.x - Multiple XSS Web Vulnerabilities
Document Title: Barracuda Cloud ESS 2.x - Multiple XSS Web Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=742; Barracuda Networks Security ID: BNSEC-671; Release Date: 2018-07-22; Vulnerability Laboratory ID...
Security Bulletin: IBM QRadar SIEM is vulnerable to a client side scripting attack due to a missing HTTPOnly flag on a cookie. (CVE-2015-1994)
Summary: One of the cookies used for user authorization is missing the HTTPOnly attribute, which allows attackers leveraging a Cross-Site Scripting vulnerability to obtain the cookie value and then perform a session hijacking attack. Vulnerability Details: CVE-ID: CVE-2015-1994; Description: IBM QRad...
CVE-2018-11090
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
Cross site scripting
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
CVE-2017-1000236
I, Librarian version =4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting. SEC Consult Vulnerability Lab Security Advisory; title: Multiple vulnerabilities; product: I, Librarian PDF manager...
I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory; title: Multiple vulnerabilities; product: I, Librarian PDF manager; vulnerable version: =4.6 & 4.7; fixed version: 4.8; CVE number: -; impact: Critical; homepage:...
WP Good News Themes Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Wordpress Good News Themes, which can be exploited by remote attackers to inject client-side scripting code...
Websense Data Security Cross Site Scripting
Cross-Site Scripting vulnerability in Websense Data Security block page. Han Sahin, September 2014...
JQuery 1.4.2 Cross Site Scripting
XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side From: Mauro Risonho de Paula Assumpção Date: 02.09.2014 13:21:20 -0300 VSLA Security Advisory FIRE-XSS-Reflected-Jquery 1.4.2 2014-001: XSS Reflected JQuery 1.4.2 LEVEL: MEDIUM In our tests authorized by the customer, we can...
Agora.CGI 3.x/4.0 Debug Mode Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not...
Google Desktop Search Remote Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11541/info Google Desktop Search is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize HTML tag content. An attacker may leverage this issue...
Jira 4.0.1 - Cross-Site Scripting Information Disclosure
Jira 4.0.1 - Cross-Site Scripting Information Disclosure source: https://www.securityfocus.com/bid/42025/info Jira is prone to multiple cross-site scripting vulnerabilities and an information disclosure vulnerability because the application fails to sufficiently sanitize user-supplied input...
PunBB IMG Tag Client Side Scripting XSS
The remote web server contains a PHP application that is affected by a cross-site scripting vulnerability. Description: The remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate the IMG tag. With a specially crafted URL, an attacker can cause...
PunBB IMG Tag Client Side Scripting XSS
The remote version of PunBB is vulnerable to cross-site scripting flaws because the application does not validate the IMG tag. SPDX-FileCopyrightText: 2004 David Maciejak. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...