3942 matches found
CVE-2017-2254
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input...
Input validation
Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of service in the application menu's edit function via specially crafted input...
Shopify: Stored XSS Deleting Menu Links in the Shopify Admin
Hello Team, I found a stored XSS issue. PoC unlisted: https://youtu.be/MjnKyFgqTTo Watch my PoC, then you'll understand everything. Payloads: // " Looks like this issue is available at " Title in Add menu " and also available at "Title" in " Menu Item " Mirror: https://azizvai.myshopify.com/ Thanks...
EZSA-2017-006 Information disclosure in backend content tree menu
More info at http://share.ez.no/community-project/security-advisories/ezsa-2017-006-information-disclosure-in-backend-content-tree-menu...
CVE-2017-9497
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route...
Command injection
The Comcast firmware on Motorola MX011ANM firmware version MX011AN2.9p6s1PRODsey devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2017-15107)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions, and supports free switching among three languages: Chinese, Japanese, and English. A cross-site scripting...
CVE-2017-2146
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu...
Cross site scripting
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 allows remote attackers to inject arbitrary web script or HTML via application menu...
CVE-2017-2146
CVE-2017-2146 is a cross-site scripting vulnerability in Cybozu Garoon version 3.0.0 through 4.2.4. The issue allows a remote attacker to inject arbitrary web script or HTML via the application menu, potentially causing arbitrary script execution in the logged-in user’s browser. Affected products...
dynastychineserestaurant.com XSS vulnerability
Open Bug Bounty ID: OBB-258334

Description | Value
---|---
Affected Website: | dynastychineserestaurant.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

parcol.com XSS vulnerability
Vulnerable URL: http://parcol.com/index.asp?menu=1"...
Cybozu Garoon vulnerable to cross-site scripting
Overview: Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting vulnerability in the application menu. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact: An arbitrary script may be executed on the logged-in user's web browser. Solution: Upda...
latesttraveloffers.com XSS vulnerability
Open Bug Bounty ID: OBB-257525

Description | Value
---|---
Affected Website: | latesttraveloffers.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

UPM - "Most used" section on the start menu not populated correctly
The "Most Used" section in the Start menu is not populated correctly in the user profile when logging on to a Windows 8 / Windows 10 / Windows Server 2012 VDA...
WordPress Responsive Menu plugin <= 3.1.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability
WordPress Responsive Menu plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) vulnerabilities. Options saved through the updateOptions function in the /app/Controllers/AdminController.php file are not sanitized. Also, a nonce is missing in the plugin's settings page...