CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVE-2016-6800

The default configuration of the Apache OFBiz framework offers a blog functionality. Different users are able to operate blogs which are related to specific parties. In the form field for the creation of new blog articles the user input of the summary field as well as the article field is not...

CVE-2016-6800

CVE-2016-6800 affects the Apache OFBiz blog feature: unsanitized input in the summary/article fields allows injection of arbitrary JavaScript, which is executed in users’ browsers visiting the article. Mitigation is to upgrade to Apache OFBiz 16.11.01. This vulnerability detail is supported by th...

Cross site scripting

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality...

PYSEC-2017-109

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to Reflected XSS in the search functionality...

CVE-2017-3152

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...

CVE-2017-3152

Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found vulnerable to DOM XSS in the edit-tag functionality...

Cross site scripting

IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

tovek.se XSS vulnerability

Vulnerable URL: http://tovek.se/s%C3%B6k?frmSearch=true=a%27aa%22%22%3E%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 368633 VIP...

uponor.pt XSS vulnerability

Open Bug Bounty ID: OBB-282302 Description| Value ---|--- Affected Website:| uponor.pt Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

CVE-2017-12879

Cross-site scripting XSS-STORED vulnerability in the DEVICES OR SENSORS functionality in Paessler PRTG Network Monitor before 17.3.33.2654 allows authenticated remote attackers to inject arbitrary web script or HTML...

How To Automate Security Analysis with the RIPS API

RIPS API RIPS exposes a powerful REST-API, an interface specifically designed for developers and their applications. It is used to provide the web interface with analysis results, to start scans through plugins, to manage users, and much more. In short, the API enables easy automation of all RIPS...

CVE-2017-12882

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

Cross site scripting

Stored Cross-site scripting XSS vulnerability in Spring Batch Admin before 1.3.0 allows remote authenticated users to inject arbitrary JavaScript or HTML via the file upload functionality...

Threat Round-up for Aug 11 - Aug 18

Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 11 and August 18. As with previous round-ups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavior...

simsng.com XSS vulnerability

Vulnerable URL: http://simsng.com/product//search?search="...

What’s new in Gartner WAF Magic Quadrant 2017?

To tell the truth, I was not much interested in Web Application Firewall market since the time when I was doing competitive analysis in Positive Technologies. And a few days ago Gartner published a fresh WAF research with interesting Magic Quadrants. I decided to figure out what's new there. Here...

Back to school cybersecurity tips for parents and kids

The time to start the new school term is just around the corner. And for parents, the excitement and anxiety may be palpable, especially if it's their kid's first time attending a new school. Ads for back-to-school gear start as early as July, increasing in frequency and urgency until the kiddos...

CVE-2017-10140

Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 might allow local users to gain privileges by leveraging undocumented functionality in Berkeley DB 2.x and later, related to reading settings from DBCONFIG in the current directory...

[SECURITY] Fedora 25 Update: jackson-databind-2.7.6-3.fc25

General data-binding functionality for Jackson: works on core streaming API...