Lucene search

5053 matches found

CNVD
added 2016/08/22 12:0 a.m., 2 views

IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-06537)

IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. A cross-site scripting...

5.4 CVSS, 6.2 AI score, 0.00168 EPSS
Exploits 0, References 1
CNVD
added 2016/08/19 12:0 a.m., 2 views

Cygnus Ease Mail Client - Address Book Cross-Site Scripting Vulnerability

Cygnus EaseMail Client is a professional e-mail client software for sending, receiving and managing e-mails, supporting the import of certificates and encrypted sending. The Cygnus Mail client is vulnerable to cross-site scripting. It allows an attacker to insert malicious JS code in...

6.3 AI score
Exploits 0
OpenVAS
added 2016/07/08 12:0 a.m., 22 views

Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Mac OS X

Adobe Brackets is prone to cross-site scripting and unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

10 CVSS, 7.7 AI score, 0.0377 EPSS
Exploits 0, References 2
OpenVAS
added 2016/07/08 12:0 a.m., 18 views

Adobe Brackets Cross-site Scripting and Unspecified Vulnerabilities - Windows

Adobe Brackets is prone to cross-site scripting and unspecified vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

10 CVSS, 7.7 AI score, 0.0377 EPSS
Exploits 0, References 2
BDU FSTEC
added 2016/07/07 12:0 a.m., 0 views

The vulnerability of the cgiPutts function on the CUPS printing server allows a hacker to inject any JavaScript or HTML code into the generated web interfaces.

The vulnerability in the cgiPutts function cgi-bin/template.c of the CUPS printing server is related to insufficient protection of the web page structure. Exploiting this vulnerability allows an attacker to inject arbitrary JavaScript or HTML code into the web pages generated by the system throug...

4.3 CVSS, 6.7 AI score, 0.64812 EPSS
Exploits 5, References 8, Affected Software 1
Adobe
added 2016/06/14 12:0 a.m., 35 views

APSB16-20 Security update available for Adobe Brackets

Adobe has released a security update for Adobe Brackets for Windows, Macintosh and Linux. This update resolves a JavaScript injection vulnerability CVE-2016-4164 and a vulnerability in the extension manager CVE-2016-4165. Adobe recommends users update their product installation using the...

10 CVSS, 3.3 AI score, 0.0377 EPSS
Exploits 0, Affected Software 1
Hacker One
added 2016/05/26 5:21 p.m., 22 views

Zendesk: XSS in zendesk.com/product/

Vulnerable urls: https://www.zendesk.com/product/tour/ https://www.zendesk.com/product/pricing/ or just https://www.zendesk.com/product/ Vulnerable parameter is a cvosid1, used in live.js to call convertro code without sanitizing. This leads to generating malformed javascript answer with XSS...

6.6 AI score
Exploits 0
Hacker One
added 2016/05/26 2:22 p.m., 28 views

drchrono: Template stored XSS

The template field names are not escaped properly, which gives an opportunity to inject HTML tags with javascript there. 1. Log into your account 2. Open the template builder https://%yourdomain%.drchrono.com/clinical/advancedformbuilder 3. Create a new template with a field called 4. Save the...

6.8 AI score
Exploits 0
CNVD
added 2016/05/21 12:0 a.m., 2 views

Reflective XSS Vulnerability in EasyCMS Enterprise Marketing Management System Administration Backend

EasyCMS is a web content management system based on PHP+Mysql architecture. A reflective XSS vulnerability exists in the administration backend of the EasyCMS enterprise marketing management system, which can be exploited by an attacker to submit data with js code on the personal information page...

6.3 AI score
Exploits 0
Hacker One
added 2016/04/03 9:22 a.m., 25 views

Uber: Stored XSS on newsroom.uber.com admin panel / Stream WordPress plugin

newsroom.uber.com uses a WordPress plugin called Stream to log user activity. In some cases the logged events aren't sanitized properly and can contain HTML tags and JavaScript. An unauthenticated user can produce such a log message to inject JavaScript in the admin panel. When an administrator...

6.7 AI score
Exploits 0
CNVD
added 2016/03/21 12:0 a.m., 1 views

Cross-site Scripting Vulnerability in WPSMAIL Email Client

WPS Mail is a mail sending and receiving software developed by Kingsoft Group. There is a cross-site scripting vulnerability in the WPSMAIL email client, where js code is added to the content of sent emails, which triggers a cross-site attack when receiving emails...

6.4 AI score
Exploits 0
Tenable Nessus
added 2016/02/10 12:0 a.m., 26 views

FreeBSD : xymon-server -- multiple vulnerabilities (1cecd5e0-c372-11e5-96d6-14dae9d210b8)

J.C. Cleaver reports: - CVE-2016-2054: Buffer overflow in xymond handling of 'config' command - CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory - CVE-2016-2056: Shell command injection in the 'useradm' and 'chpasswd' web applications - CVE-2016-2057:...

9.8 CVSS, 6.7 AI score, 0.67997 EPSS
Exploits 7, References 7
FreeBSD
added 2016/01/19 12:0 a.m., 23 views

xymon-server -- multiple vulnerabilities

J.C. Cleaver reports: CVE-2016-2054: Buffer overflow in xymond handling of "config" command CVE-2016-2055: Access to possibly confidential files in the Xymon configuration directory CVE-2016-2056: Shell command injection in the "useradm" and "chpasswd" web applications CVE-2016-2057: Incorrect...

9.8 CVSS, 1.8 AI score, 0.67997 EPSS
Exploits 7, References 1
0day.today
added 2016/01/15 12:0 a.m., 7785 views

phpDolphin 2.0.5 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: phpDolphin http://target.com/index.php?a=search&q=teste&filter=m"XSS CSRF ==== We've found no protection against CSRF Cross-site Request Forgery, which made possible to do any kind of act on a user or admin account. NO FORMS are...

7.1 AI score
Exploits 0
Packet Storm
added 2015/11/16 12:0 a.m., 41 views

Open Source Social Network 3.5 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Open Source Social Network 3.5 Fixed in: 3.6 Fixed Version Link: https://www.opensource-socialnetwork.org/downloads/ossn-v3.6-1443545762.zip Vendor Contact: https://www.opensource-socialnetwork.org/contact Vulnerability...

7.4 AI score
Exploits 0
Packet Storm
added 2015/11/07 12:0 a.m., 36 views

Supercali Event Calendar 1.0.8 Cross Site Scripting

Security Advisory - Curesec Research Team 1. Introduction Affected Product: Supercali Event Calendar 1.0.8 Fixed in: not fixed Fixed Version Link: n/a Vendor Website: http://supercali.inforest.com/ Vulnerability Type: XSS Remote Exploitable: Yes Reported to vendor: 09/01/2015 Disclosed to public:...

Exploits 0
Packet Storm
added 2015/11/02 12:0 a.m., 26 views

Accentis Content Resource Management System Cross Site Scripting

Vulnerability type: Stored Cross Site Scripting Vendor: http://www.accentis.com.au/ Product: Accentis Content Resource Management System Credit: Foo Jong Meng, Chia Junyuan, Benjamin Tan CVE ID: CVE-2015-3425 PROOF OF CONCEPT XSS Accentis Content Resource Management System before October 2015 pat...

5.2 CVSS, 6.4 AI score, 0.00313 EPSS
Exploits 2
exploitpack
added 2015/10/28 12:0 a.m., 9 views

Sagem FAST3304-V2 - Authentication Bypass (2)

Sagem FAST3304-V2 - Authentication Bypass 2. Exploit Title: Sagem javascrip...

0.3 AI score
Exploits 0
Exploit DB
added 2015/10/28 12:0 a.m., 66 views

Sagem FAST3304-V2 - Authentication Bypass (2)

Exploit Title: Sagem javascript injection Date: 27/10/15 Exploit Author:...

7.4 AI score
Exploits 0
OpenVAS
added 2015/10/15 12:0 a.m., 26 views

Mageia: Security Advisory (MGASA-2015-0302)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS, 6.8 AI score, 0.00347 EPSS
Exploits 0, References 8