
119 matches found

CNVD
added 2018/09/04 12:00 a.m. | 6 views

MantisBT Source Integration Plugin Cross-Site Scripting Vulnerability

MantisBT is a web-based open source defect tracking system developed by the MantisBT team. The system provides project management and defect tracking services through a web interface. Source Integration is a plugin for it that provides source code control integration. A cross-site scripting...

6.1 CVSS | 6.3 AI score | 0.00443 EPSS
Exploits 0 | References 1
NVD
added 2018/09/02 10:29 p.m. | 26 views

CVE-2018-16362

An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code if CSP settings permit it via repomanagepage.php or list.php...

6.1 CVSS | 6.2 AI score | 0.00443 EPSS
Exploits 0 | References 3
Cvelist
added 2018/09/02 10:00 p.m. | 25 views

CVE-2018-16362

An issue was discovered in the Source Integration plugin before 1.5.9 and 2.x before 2.1.5 for MantisBT. A cross-site scripting (XSS) vulnerability in the Manage Repository and Changesets List pages allows execution of arbitrary code if CSP settings permit it via repomanagepage.php or list.php...

6.2 AI score | 0.00443 EPSS
Exploits 0 | References 3
OSV
added 2017/03/17 9:59 a.m. | 10 views

CVE-2017-6958

An XSS vulnerability in the MantisBT Source Integration Plugin before 2.0.2 search result page allows an attacker to inject arbitrary HTML or JavaScript if MantisBT's CSP settings permit it by crafting any valid parameter...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1
Prion
added 2017/03/17 9:59 a.m. | 10 views

Cross site scripting

An XSS vulnerability in the MantisBT Source Integration Plugin before 2.0.2 search result page allows an attacker to inject arbitrary HTML or JavaScript if MantisBT's CSP settings permit it by crafting any valid parameter...

4.3 CVSS | 5.9 AI score | 0.00328 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2017/03/17 8:55 a.m. | 20 views

CVE-2017-6958

An XSS vulnerability in the MantisBT Source Integration Plugin before 2.0.2 search result page allows an attacker to inject arbitrary HTML or JavaScript if MantisBT's CSP settings permit it by crafting any valid parameter...

6 AI score | 0.00328 EPSS
Exploits 0 | References 1
CVE
added 2017/03/17 8:55 a.m. | 40 views

CVE-2017-6958

The CVE-2017-6958 entry describes an XSS vulnerability in the MantisBT Source Integration Plugin (pre-2.0.2). The flaw allows an attacker to inject arbitrary HTML/JavaScript via crafted parameters on the plugin’s search results page, potentially exploiting CSP allowances in MantisBT. Affected com...

6.1 CVSS | 5.9 AI score | 0.00328 EPSS
Exploits 0 | References 1 | Affected Software 1
OSV
added 2017/01/23 9:59 p.m. | 2 views

CVE-2016-6668

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating wit...

7.5 CVSS | 5.8 AI score | 0.01318 EPSS
Exploits 0 | References 6
Atlassian
added 2016/09/12 6:15 a.m. | 36 views

CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.

The Atlassian Hipchat Integration Plugin for Bitbucket Server exposed the secret key it used to communicate with a linked HipChat service in various administration pages. For this vulnerability to affect your Bitbucket Server instance you must have a HipChat integration established. To exploit th...

7.5 CVSS | 3.2 AI score | 0.01318 EPSS
Exploits 0 | Affected Software 1
Atlassian
added 2016/09/12 6:15 a.m. | 32 views

CVE-2016-6668 - The HipChat plugin for various products leaks the secret key it uses to communicate with a linked HipChat instance.

The Atlassian Hipchat Integration Plugin for Bitbucket Server exposed the secret key it used to communicate with a linked HipChat service in various administration pages. For this vulnerability to affect your Bitbucket Server instance you must have a HipChat integration established. To exploit th...

7.5 CVSS | 3.2 AI score | 0.01318 EPSS
Exploits 0
Tenable Nessus
added 2016/04/26 12:00 a.m. | 73 views

VMware vCloud Director 5.5.x < 5.5.6 Client Integration Plugin Session Hijacking (VMSA-2016-0004)

The version of VMware vCloud Director installed on the remote host is 5.5.x prior to 5.5.6. It is, therefore, affected by a flaw in the VMware Client Integration Plugin due to a failure to handle session content in a secure manner. A remote attacker can exploit this, by convincing a user to visit...

7.6 CVSS | 7.4 AI score | 0.00438 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2016/04/26 12:00 a.m. | 126 views

VMware vCenter Server 5.5.x < 5.5u3d / 6.0.x < 6.0u2 Client Integration Plugin Session Hijacking (VMSA-2016-0004)

The version of VMware vCenter Server installed on the remote host is 5.5.x prior to 5.5u3d or 6.0.x prior to 6.0u2. It is, therefore, affected by a flaw in the VMware Client Integration Plugin due to a failure to handle session content in a secure manner. A remote attacker can exploit this, by...

7.6 CVSS | 7.4 AI score | 0.00438 EPSS
Exploits 0 | References 2
Prion
added 2016/04/15 2:59 p.m. | 17 views

Code injection

Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, and U3c and 6.0 before U2; vCloud Director 5.5.5; and vRealize Automation Identity Appliance 6.2.4 before 6.2.4.1 mishandles session content, which allows remote attackers to hijack sessions via a crafted web site...

6.8 CVSS | 7 AI score | 0.00438 EPSS
Exploits 0 | References 4 | Affected Software 3
ThreatPost
added 2016/04/15 1:52 p.m. | 10 views

VMware Patches Critical Session Handling Vulnerability

VMware fixed a critical vulnerability in one of its products this week that if exploited by an attacker, could’ve led to a man-in-the-middle attack. According to an advisory, the problem existed in VMware’s Client Integration plugin, a collection of tools present in a handful of other products th...

1.1 AI score
Exploits 0 | References 2
CISA
added 2016/04/14 12:00 a.m. | 6 views

VMWare Releases Security Updates

VMware has released security updates to address a vulnerability in vCenter Server, vCloud Director, vRealize Automation Identity Appliance, and the Client Integration Plugin. Exploitation of this vulnerability may allow a remote attacker to obtain sensitive information. Users and administrators a...

6.6 AI score
Exploits 0 | References 1
Positive Technologies
added 2014/03/06 12:00 a.m. | 6 views

PT-2014-4357 · Videowhisper · Videowhisper Live Streaming Integration

Name of the Vulnerable Software and Affected Versions: VideoWhisper Live Streaming Integration plugin versions prior to 4.29.5
Description: The issue allows remote attackers to read or delete arbitrary files due to directory traversal vulnerabilities in the VideoWhisper Live Streaming Integration...

6.4 CVSS | 7.5 AI score | 0.08013 EPSS
Exploits 6 | References 7
Prion
added 2013/09/09 5:55 p.m. | 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php in the VideoWhisper Live Streaming Integration plugin 4.25.3 and possibly earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameter. NOTE: some of these details are...

4.3 CVSS | 6.3 AI score | 0.00414 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2012/09/20 10:00 a.m. | 19 views

CVE-2011-5179

Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter...

5.9 AI score | 0.00798 EPSS
Exploits 1 | References 3
CVE
added 2007/08/18 9:00 p.m. | 43 views

CVE-2007-4401

CVE-2007-4401 describes multiple CRLF injection vulnerabilities in the Advanced mIRC Integration Plugin (and possibly other unspecified mIRC scripts) that allow user-assisted remote attackers to execute arbitrary IRC commands via CRLF sequences embedded in the name of an mp3 file. The linked sour...

6.8 CVSS | 8 AI score | 0.01547 EPSS
Exploits 1 | References 7 | Affected Software 1