Multiple Cross-Site Scripting Vulnerabilities in WordPress WpJobBoard
WordPress WpJobBoard is a job panel plugin for WordPress. wpjb-email, wpjb-job, wpjb-application, and wpjb-membership are components of it. wpjb-email is an email component. wpjb-job is a job management component. Multiple cross-site scripting vulnerabilities exist in the 'query' and 'id'...
Cross site request forgery (csrf)
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing, for example, an attack against the query parameter to panel/database...
CVE-2017-15063
There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and before 4.2.0, because of a logic error. Although there is functionality to detect CSRF, it is called too late in the ia.core.php code, allowing, for example, an attack against the query parameter to panel/database...
finesthotels.net XSS vulnerability
Vulnerable URL: https://www.finesthotels.net/en/hotel-offers/offers.html?query=STOPSENDINGMESPAM=alert/OPENBUGBOUNTY/...
CVE-2017-12798
Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monitoring plugin 1.7.5 for WordPress, allows remote attackers to inject arbitrary web script or HTML via the query parameter to whois.php...
CVE-2015-3998
phpwhois version 4.2.5 used in the WordPress adsense-click-fraud-monitoring plugin version 1.7.5 is documented to have a cross-site scripting (XSS) vulnerability. An attacker can inject arbitrary script or HTML via the query parameter to whois.php. The linked reports confirm the affected componen...
uit.no XSS vulnerability
Vulnerable URL: https://uit.no/finn?q=1"--...
CVE-2017-3161
The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a cross-site scripting (XSS) attack through an unescaped query parameter...
CVE-2017-3162
HDFS clients interact with a servlet on the DataNode to browse the HDFS namespace. The NameNode is provided as a query parameter that is not validated in Apache Hadoop before 2.7.0...
Subrion CMS SQL Injection Vulnerability
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins, and more. A SQL injection vulnerability exists in the admin/database/ URI in Subrion CMS version 4.0.5.10. A remote...
CVE-2017-6013
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter...
Sql injection
Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query parameter...
Sql injection
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KKLS9ReportingPortal/GetData...
CVE-2017-6550
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KKLS9ReportingPortal/GetData...
Reflective cross-site scripting vulnerability in multiple parameters of DuoDuo Rebate System V8.3_UTF8 official version
DuoDuo Rebate System is an open source PHP rebate site system that provides solutions for e-commerce rebates and shopping guides. A reflective cross-site scripting vulnerability exists in the DuoDuoRebate.com system V8.3_UTF8 official version (February 10, 2017). Due to the code parameter, ddusername...
falke.com XSS vulnerability
Vulnerable URL: http://www.falke.com/dede/search?query=1zqjqe...
U.S. Dept Of Defense: Video player on ███ allows arbitrary remote videos to be played
Summary: A Flash video player hosted on ███████ can be provided with an arbitrary remote XML file via the url query string parameter. Description: The Flash video player http://█████/shared/widgets/popup.asp uses the url query string parameter as an address to fetch an RSS feed type XML document...
udt.ru XSS vulnerability
Vulnerable URL: http://udt.ru/search/?q=%22%3E%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%2FXSSPOSED%2F%3E=%D0%9F%D0%BE%D0%B8%D1%81%D0%BA
Details:
Description | Value
---|---
Patched: | Yes, at 22.05.2017
Latest check for patch: | 22.05.2017 03:08 GMT
Vulnerability type: | XSS
Vulnerability status...