551 matches found
CVE-2014-3995
Cross-site scripting XSS vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...
PYSEC-2014-79
Cross-site scripting XSS vulnerability in gravatars/templatetags/gravatars.py in Djblets before 0.7.30 and 0.8.x before 0.8.3 for Django allows remote attackers to inject arbitrary web script or HTML via a user display name...
Cross site scripting
Cross-site scripting XSS vulnerability in DotNetNuke DNN before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile...
GetSimple CMS 3.1.2 / 3.2.3 Cross Site Scripting
Author Information Author : Ahmed Elhady Mohamed Website : http://1nfosec4all.blogspot.com/ twitter : @kingasmk facebook :https://www.facebook.com/groups/ITsec4all/ Software Information Affected Software : GetSimple CMS 3.2.3, 3.1.2 Software website : http://get-simple.info/ CVE Reference :...
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report|http://jira.atlassian.com/browse/CONFSERVER-46719. panel Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
panel:bgColor=e7f4fa NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report|http://jira.atlassian.com/browse/CONFCLOUD-46719. panel Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...
CVE-2012-3322
Cross-site scripting XSS vulnerability in IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management Essentials 6.2 through 7.5, Tivoli Asset Management for IT 6.2 through 7.2, Tivoli Service Request Manager 7.1 and 7.2, Maximo Service Desk 6.2, Change and Configuration Management...
FlexCMS 3.2.1 - Persistent Cross-Site Scripting
FlexCMS 3.2.1 - Persistent Cross-Site Scripting Persistent XSS in FLEXCMS 3.2.1 Software vendor: http://www.flexcms.com/flex/index.html The Persistent XSS appears when any user go to edit profile Display name and then injects the xss code instead of his display name. After inkection this code. In...
FlexCMS 3.2.1 for logged in users XSS
Exploit for php platform in category web applications Persistent XSS in FLEXCMS 3.2.1 Software vendor: http://www.flexcms.com/flex/index.html The Persistent XSS appears when any user go to edit profile Display name and then injects the xss code instead of his display name. After inkection this...
CVE-2012-0195
Cross-site scripting XSS vulnerability in the Start Center Layout and Configuration component in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5; IBM Tivoli Asset Management for IT 6.2, 7.1, and 7.2; IBM Tivoli Service Request Manager 7.1 and 7.2; IBM Maximo Service...
tomcat: XSS vulnerability in HTML Manager interface
Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
Sql injection
Multiple SQL injection vulnerabilities in Simple Machines Forum SMF before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a 1 HTML entity or 2 display name. NOTE: some of these details are obtained from third party information...
CVE-2011-3615
Multiple SQL injection vulnerabilities in Simple Machines Forum SMF before 1.1.15 and 2.x before 2.0.1 allow remote attackers to execute arbitrary SQL commands via vectors involving a 1 HTML entity or 2 display name. NOTE: some of these details are obtained from third party information...
tomcat: XSS vulnerability in HTML Manager interface
Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
tomcat: XSS vulnerability in HTML Manager interface
Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
tomcat: XSS vulnerability in HTML Manager interface
Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...
WhiteBoard 0.1.30 Blind SQL Injection
WhiteBoard 0.1.30 Multiple Blind SQL Injection Vulnerabilities Name WhiteBoard Vendor http://sarosoftware.com Versions Affected 0.1.30 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-07-24 X. INDEX I. ABOUT THE...
Code injection
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow 1 remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...
CVE-2009-1677
Multiple static code injection vulnerabilities in the saveFeed function in rss/feedcreator.class.php in Bitweaver 2.6 and earlier allow 1 remote authenticated users to inject arbitrary PHP code into files by placing PHP sequences into the account's "display name" setting and then invoking...