
79 matches found

Prion
added 2019/01/29 6:29 p.m., 11 views

Cross site scripting

A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Blog field to /admin/nodes/nodes/add/blog...

3.5 CVSS, 4.9 AI score, 0.0061 EPSS
Exploits: 1, References: 1, Affected Software: 1
seebug.org
added 2017/12/29 12:0 a.m., 24 views

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...

6.8 AI score
Exploits: 0
Prion
added 2017/03/15 12:59 a.m., 17 views

Authorization

An issue was discovered in Shimmie = 2.5.1. The vulnerability exists due to insufficient filtration of user-supplied data log passed to the "shimmie2-master/ext/chatbox/history/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

4.3 CVSS, 6.4 AI score, 0.00758 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2017/03/15 12:59 a.m., 16 views

CVE-2017-6908

An issue was discovered in concrete5 = 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data fID passed to the "concrete5-legacy-master/web/concrete/tools/files/selectordata.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

6.1 CVSS, 6.4 AI score, 0.01191 EPSS
Exploits: 1, References: 3
Prion
added 2017/03/05 8:59 p.m., 11 views

Cross site scripting

Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data (tooltipid, callback, args, cid) passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and scrip...

4.3 CVSS, 6.1 AI score, 0.00785 EPSS
Exploits: 1, References: 2, Affected Software: 1
Prion
added 2017/03/02 6:59 a.m., 15 views

Authorization

An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several -sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

4.3 CVSS, 6.4 AI score, 0.00838 EPSS
Exploits: 1, References: 2, Affected Software: 1
CVE
added 2017/03/02 6:0 a.m., 48 views

CVE-2017-6390

CVE-2017-6390 impacts whatanime.ga due to insufficient filtration of user-supplied data passed to the path “whatanime.ga-master/index.php”. The connected CNVD entry describes a cross-site scripting vulnerability where an attacker can cause arbitrary HTML/JavaScript to execute in a browser con...

6.1 CVSS, 6.3 AI score, 0.00923 EPSS
Exploits: 0, References: 3, Affected Software: 1
OpenVAS
added 2015/12/09 12:0 a.m., 145 views

Microsoft Internet Explorer Multiple Vulnerabilities (3116180)

This host is missing a critical security update according to Microsoft Bulletin MS15-124.

9.3 CVSS, 5 AI score, 0.34987 EPSS
Exploits: 8, References: 3
OpenVAS
added 2015/04/09 12:0 a.m., 13 views

Balero CMS Multiple Vulnerabilities

Balero CMS is prone to multiple vulnerabilities.

7.3 AI score
Exploits: 0, References: 4
OpenVAS
added 2014/12/04 12:0 a.m., 15 views

Prolink PRN2001 Multiple Vulnerabilities

This host is Prolink PRN2001 and is prone to multiple vulnerabilities.

7.3 AI score
Exploits: 0, References: 1
seebug.org
added 2014/07/01 12:0 a.m., 23 views

PluggedOut Blog 1.51/1.60 Blog_Exec.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10885/info PluggedOut Blog is reported prone to a cross-site scripting vulnerability. This could allow for execution of hostile HTML and script code in the web client of a user who visits a malicious link to the vulnerabl...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 32 views

Mango Blog 1.4.1 'archives.cfm/search' Cross Site Scripting Vulnerability

No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register class TestPOCPOCBase: vulID = 'SSV-87080' vul ID version = '1' author = 'fenghh' vulDate = '2010-03-03' createDate =...

7.1 AI score
Exploits: 0
seebug.org
added 2014/03/10 12:0 a.m., 483 views

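storytlr "search" Cross-Site Scripting Vulnerability

storytlr is a blogging platform. Input passed via the "search" parameter to index.php/search/ is not properly sanitized in protected/application/public/controllers/SearchController.php before being returned to the user, so an attacker can exploit the vulnerability to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. 0 storytlr 1.2 The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: http://storytlr.org/...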

7.1 AI score
Exploits: 0
exploitpack
added 2013/02/26 12:0 a.m., 12 views

MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities

MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities...

0.2 AI score
Exploits: 0
exploitpack
added 2012/03/14 12:0 a.m., 10 views

Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities

source: https://www.securityfocus.com/bid/52471/info Max's Guestbook is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser,...

0.2 AI score
Exploits: 0
exploitpack
added 2011/08/23 12:0 a.m., 15 views

Open Classifieds 1.7.2 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/49292/info Open Classifieds is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues t...

7 AI score
Exploits: 0
Packet Storm
added 2011/08/23 12:0 a.m., 21 views

ManageEngine ServiceDesk Plus 8.0 Cross Site Scripting

ManageEngine ServiceDesk Plus 8.0 Multiple Stored XSS Vulnerabilities Vendor: Zoho Corporation Pvt. Ltd. Product web page: http://www.manageengine.com Affected version: 8.0.0 Build 8013 Enterprise Summary: ServiceDesk Plus integrates your help desk requests and assets to help you manage your IT...

7.4 AI score
Exploits: 0
OpenVAS
added 2011/08/05 12:0 a.m., 9 views

Digital Scribe Multiple Cross Site Scripting Vulnerabilities

Digital Scribe is prone to multiple cross site scripting vulnerabilities.

6.7 AI score
Exploits: 0, References: 4
seebug.org
added 2011/03/30 12:0 a.m., 46 views

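Feng Office Community Edition Cross-Site Scripting and Arbitrary File Upload Vulnerabilities

Feng Office is an open-source online collaboration system with a B/S (browser/server) architecture, developed in PHP. Feng Office was originally OpenGoo; starting with OpenGoo version 1.61 it was renamed Feng Office. The Feng Office Community edition contains cross-site scripting and arbitrary file upload vulnerabilities in its implementation, which a remote attacker can exploit to carry out cross-site scripting attacks and take control of the affected system. 1) Input sent via the "filename" and "slimContent" POST parameters to public/assets/javascript/slimey/save.php is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a browser session in the context of the affected site...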

7.1 AI score
Exploits: 0
OpenVAS
added 2010/09/29 12:0 a.m., 26 views

Flock Browser RSS Feed Cross site scripting Vulnerability

Flock browser is prone to a cross-site scripting (XSS) vulnerability.

4.3 CVSS, 5.6 AI score, 0.01053 EPSS
Exploits: 0, References: 4