Cross-site scripting vulnerability in multiple Zyxel devices

ZyXEL ZyWall 310 and others are products of Taiwan, China-based ZyXEL Corporation.ZyXEL ZyWall 310 is a 310 series VPN firewall appliance.ZyXEL ZyWall 110 is a 110 series VPN firewall appliance.ZyXEL USG1900 is a next-generation unified security gateway appliance. Zyxel ZyWall A cross-site...

b3log Solo Cross-Site Scripting Vulnerability

b3log Solo is an open source blogging system. A cross-site scripting vulnerability exists in the input page under the Publish Articles menu in b3log Solo version 2.9.3. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit thi...

CVE-2017-9390

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...

Input validation

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...

CVE-2017-9390

An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One of the parameters retrieved by this script ...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-34776)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

CloudBees Jenkins ElectricFlow Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . ElectricFlow Plugin is used in one of the...

ENTTEC Datagate Mk2 Cross-Site Scripting Vulnerability

The ENTTEC Datagate MK2 is a lighting controller from ENTTEC Australia. A cross-site scripting vulnerability exists in the Web Configuration feature in the ENTTEC Datagate Mk2 70044update05032019-482 release. The vulnerability stems from the WEB application lacking proper validation of client dat...

Moxa AWK-3121 Cross-Site Scripting Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A cross-site scripting vulnerability exists in the 'iwboarddeviceName' parameter in the Moxa AWK-3121 version 1.19, which can be exploited by an attacker to execute client-side code...

Maccms Cross-Site Scripting Vulnerability (CNVD-2019-17318)

Maccms is a PHP-based content management system CMS for film and television. A cross-site scripting vulnerability exists in Maccms 8.0 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this...

PHP Scripts Mall API Based Travel Booking Cross Site Scripting Vulnerability

PHP Scripts Mall API Based Travel Booking is an online travel booking system script by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall API Based Travel Booking version 3.4.7, which can be exploited by an attacker to execute client-side code...

MyBB Cross-Site Scripting Vulnerability (CNVD-2019-16947)

MyBB MyBulletinBoard is a free and Web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB version 1.8.19, which can be exploited by attacker...

ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-16592)

ZOHO ManageEngine ServiceDesk Plus is a set of ITIL-based IT service management software ITSM from ZOHO. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and other functional modules. A cross-site scripti...

Geutebrück G-Cam and G-Code Cross-Site Scripting Vulnerabilities

G-Cam is a series of webcams from Geutebrück.G-Code is an analog video encoder from Geutebrück. A cross-site scripting vulnerability exists in Geutebrück G-Cam and G-Code. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker can exploit the...

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Zimbra, USA. The solution provides email, contacts, calendaring, file sharing, social networking, and more. A cross-site scripting vulnerability exists in the admin console in version 8.x of Zimbra ZCS prior to...

Apcupsd Cross-Site Scripting Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. apcupsd is one of the uninterruptible power supply daemons. A cross-site scripting vulnerability exists in the apcupsdstatus.php file in Apcupsd version 0.3.915 in pfSense 2.4.4-RELEASE-p3 and earlier versions and other products. The...

Eventum Cross-Site Scripting Vulnerability

Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site scripting vulnerability exists in the /htdocs/postnote.php file in Eventum version 3.5.0. The vulnerability stems from a lack of proper validation of client-si...

PrestaShop cross-site scripting vulnerability (CNVD-2019-16479)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in the 'shopcountry' parameter of the...

EmpireCMS cross-site scripting vulnerability (CNVD-2019-16391)

EmpireCMS Empire Content Management System is an open source content management system CMS. A cross-site scripting vulnerability exists in EmpireCMS version 7.5.0, which can be exploited by an attacker to execute client-side code...

EmpireCMS Cross-Site Scripting Vulnerability

EmpireCMS Empire Content Management System is an open source content management system CMS. A cross-site scripting vulnerability exists in EmpireCMS version 7.5.0, which can be exploited by an attacker to execute client-side code...