780 matches found
CVE-2016-4327
Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
Sql injection
Eval injection vulnerability in tftpapi.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE template type portion of the PATH_INFO to tftp/...
CVE-2016-3079
Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems/SystemEntitlements.do; (2) the label parameter to admin/multiorg/EntitlementDetails.do; or the name of a...
CVE-2015-8398
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check...
CVE-2016-0712
Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal...
CVE-2015-7706
Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to api/v3/public/shares/downloads/, the (2) authType parameter to api/v3/auth/login, or the (3) login parameter to...
Joyent Node.js Geddy Directory Traversal Vulnerability
Joyent Node.js is a web application platform from the United States company Joyent, built on the Google V8 JavaScript engine. Geddy is one of its front-end frameworks. A directory traversal vulnerability exists in the lib/app/index.js file in Joyent Node.js Geddy 13.0.7 and earlier...
CVE-2015-6518
Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php...
CVE-2015-5456
PivotX is affected by CVE-2015-5456: an XSS in the form method (modules/formclass.php) present in PivotX versions before 2.3.11. The vulnerability is triggered via PATH_INFO (related to PHP_SELF) and form actions, allowing remote injection of script/html with no authentication. NVD notes CVSSv2 b...
CVE-2015-2250
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) bannedword parameter to index.php/dashboard/system/conversations/bannedwords/success, (2) channel parameter to index.php/dashboard/reports/logs/view, (3)...
GoAutoDial GoAdmin CE 'cpanel' Arbitrary Command Execution Vulnerability
GoAutoDial is open source, web-based call center software that runs on CentOS systems. GoAdmin CE is one of its administrator applications. A security vulnerability in the 'cpanel' function in the gosite.php script of GoAutoDial GoAdmin CE allows remote attackers to execute arbitrary...
CVE-2015-2845
The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO...
CVE-2015-2843
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) userpass parameter in gologin.php or the PATH_INFO to (3) gologin/validatecredentials/admin/ or (4) index.php/gosite/gogetuserinfo/...
Command injection
The cpanel function in gosite.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO...