536 matches found
User Picker Custom field HTML tags showing when creating new issues
Summary: Customer reported that when creating custom field User Picker and added html tags in description field, text link shows correctly in Custom Field screen under Administration Setting. However when creating new issues, the create issue form for User Picker field shows the HTML code not...
CVE-2006-6660
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service crash via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag...
DSA-3332-2 wordpress - regression update
Bulletin has no description...
Vimeo: Stored XSS on player.vimeo.com
Description The page loaded for the Vimeo embedded player prints the Name of the owner of the video in Javascript context. Some characters are escaped, like " but others like , and - if the video is public - any Vimeo user can be affected by the Javascript code that is loaded. However, there is a...
[SECURITY] [DLA 294-1] wordpress security update
Package : wordpress Version : 3.6.1+dfsg-1deb6u7 CVE ID : CVE-2015-2213 CVE-2015-5622 CVE-2015-5731 CVE-2015-5732 CVE-2015-5734 Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site...
DLA-294-1 wordpress - security update
Bulletin has no description...
Debian DSA-3332-1 : wordpress - security update
Several vulnerabilities have been fixed in Wordpress, the popular blogging engine. - CVE-2015-2213 SQL Injection allowed a remote attacker to compromise the site. - CVE-2015-5622 The robustness of the shortcodes HTML tags filter has been improved. The parsing is a bit more strict, which may affec...
Debian DSA-3328-1 : wordpress - security update
Several vulnerabilities have been found in Wordpress, the popular blogging engine. - CVE-2015-3429 The file example.html in the Genericicons icon font package and twentyfifteen Wordpress theme allowed for cross site scripting. - CVE-2015-5622 The robustness of the shortcodes HTML tags filter has...
DSA-3328-1 wordpress - security update
Bulletin has no description...
DigitalSellz: The email updates issues
The email message content at the https://www.digitalsellz.com/user//email-updates page contrary to the email customization one is not validated properly. So this form allows all the html tags and their parameters. For example, all the following tags are sent as is: Link Link alert3 and all their...
WordPress Yoast Google Analytics Cross Site Scripting
OVERVIEW ========== Google Analytics by Yoast is one of the most popular WordPress plug-ins with over 7 million downloads and "1+ million" active installs. Last month Yoast patched a stored XSS we reported in the plug-in. Shortly after this we identified another bug of a similar severity. The...
Yahoo Query Language Cross Site Scripting
Exploit Title: Yahoo Query Language Cross Site Scripting Vulnerability Exploit Author: Peyman D. aka C4T Vendor Homepage : http://query.yahooapis.com/ Google Dork: none Date: 2015-03-08 Tested on: Windows 7 / Mozilla Firefox Exploit Code: Discovered by Peyman D. aka C4T alert'Successfully...
itBit Exchange: Stored xss in bank name withdraw
1. Open https://beta.itbit.com/accounts 2. Add new Bank Account with payload in name field - Bank of New York'"asdF 3. Save this account and 4. Select it as a target to withdraw As you can see in screenshot at this time there is some problem with javascript code some filtration affected but we...
FTLS GuestBook 1.1 Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6686/info Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook. The attacker's script code may be...
YaBB 9.1.2000 Cross-Agent Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3828/info YaBB Yet Another Bulletin Board is freely available web forums/community software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms. YaBB...
Agora.CGI 3.x/4.0 Debug Mode Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not...
Ultimate Bulletin Board 5.4/6.0/6.2 Cross-Agent Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3829/info UBB Ultimate Bulletin Board is commercial web forums/community software that is written in Perl. It runs on various Unix/Linux variants, as well as Microsoft Windows NT/2000. UBB is prone to cross-agent scriptin...
Microsoft Internet Explorer 6.0 - Local File Access Weakness
No description provided by source. source: http://www.securityfocus.com/bid/22621/info Microsoft Internet Explorer is reportedly prone to multiple local file-access weaknesses because the application fails to properly handle HTML tags. These issues are triggered when an attacker entices a victim...
Powie PForum 1.1x Username Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4165/info Powie PForum is web forum software, written in PHP and back-ended by MySQL. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. PForum is prone to cross-site scripting...
PHPSelect Submit-A-Link HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17348/info Submit-A-Link is prone to an HTML-injection vulnerability. The script fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code woul...