5053 matches found
CVE-2016-7146
Removed by vendor...
CVE-2016-7146
CVE-2016-7146 affects MoinMoin 1.9.8, where a Cross-Site Scripting (XSS) flaw allows remote attackers to inject JavaScript via the page creation or crafted URL, specifically through the action=fckdialog&dialog=attachment (via page name) component. Connected advisories corroborate the issue and li...
CVE-2016-7148
MoinMoin 1.9.8 is affected by CVE-2016-7148, a Cross Site Scripting (XSS) issue related to the page creation/AttachFile component. The root cause is improper sanitization in the AttachFile/page-name handling, enabling remote JavaScript injection. Some connected sources (GN) reference a fix to 1.9...
CVE-2016-7148
Removed by vendor...
CVE-2016-7148
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
CVE-2016-7146
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting XSS" issue affecting the action=fckdialog&dialog=attachment via page name component...
UBUNTU-CVE-2016-7148
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting XSS" issue affecting the action=AttachFile via page name component...
Bassmaster 1.5.1 - Batch Arbitrary JavaScript Injection Remote Code Execution (Metasploit)
require 'msf/core' class MetasploitModule 'Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution', 'Description' = %q This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and...
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit
This module exploits an un-authenticated code injection vulnerability in the bassmaster nodejs plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character...
IBM TRIRIGA Application Platform Cross-Site Scripting Vulnerability
The IBM TRIRIGA Application Platform is a set of technology platforms for deploying TRIRIGA applications from IBM in the United States. The platform provides a set of design-time and run-time components for building and running its enterprise applications, respectively, and supports...
Brave Software: invalid homepage URL causes 'uncaught typeerror' or blank state
Summary: The issue is when you set the homepage as https://brave.com;https://google.com.vn and then change the setting to launch Brave with homepage. Products affected: Tested on Windows 7 x64 + BraveSetup-ia32. Steps To Reproduce: 1. Go to Settings - General, inject to "My home page is":...
Cross-site scripting (XSS) vulnerability in China Mobile 139 Mailbox PC V2.5.1
139 Mailbox for PC is a general-purpose mailbox client launched by China Mobile. A cross-site scripting XSS vulnerability exists in China Mobile 139 Mailbox PC V2.5.1. An attacker exploiting the vulnerability can insert malicious js code into the page to obtain user cookies and other information,...
Cross-site Scripting Vulnerability in EaseUS Content Management System
EECO Content Management System is a marketing enterprise website system developed based on SEO-friendliness. There is an XSS cross-site scripting vulnerability in EE Content Management System. The vulnerable file is comment.php; because the safecheck function does not filter completely, the...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-08265)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Security Privileged Identity Manager Virtual Appliance Cross-Site Scripting Vulnerability
IBM Security Privileged Identity Manager is an identity management product within the IBM Identity Governance and Management solution that protects, automates, and audits the use of privileged identities to help defend against insider threats and improve security. IBM Security Privileged Identity...
WiFi-Pumpkin v0.8.1 - Framework for Rogue Wi-Fi Access Point Attack
Framework for Rogue Wi-Fi Access Point Attack Description WiFi-Pumpkin is an open source security tool that provides the Rogue access point to Man-In-The-Middle and network attacks. Installation Kali 2.0/WifiSlax 4.11.1/Parrot 3.0.1/2.0.5 Python 2.7 git clone...
Multiple stored cross-site scripting vulnerabilities in PHPCMS
PHPCMS is an open source website management software. PHPCMS V9 (V9 for short) uses PHP5+MYSQL as the technical basis for development. The latest version of PHPCMS has multiple stored cross-site scripting vulnerabilities that can be exploited by attackers to inject arbitrary JavaScript code into the...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06697)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06650)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06647)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...