847 matches found
CVE-2016-3703
Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an accesstoken in the quer...
3: Untrusted content loaded via the API proxy can access web console credentials on the same domain
An origin validation vulnerability was found in OpenShift Enterprise. An attacker could potentially access API credentials stored in a web browser's localStorage if anonymous access was granted to a service/proxy or pod/proxy API for a specific pod, and an authorized accesstoken was provided in t...
CVE-2016-3971
Cross-site scripting (XSS) vulnerability in lucenesearch.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout...
parkingcrew.net XSS vulnerability
Vulnerable URL: http://parkingcrew.net/?query=...
seismonepal.com XSS vulnerability
Vulnerable URL: http://seismonepal.com/?query='...
LiteCart 1.3.2 Cross-Site Scripting Vulnerability
LiteCart version 1.3.2 suffers from a cross-site scripting vulnerability. 1. Introduction Affected Product: LiteCart 1.3.2 Fixed in: 1.3.3 Fixed Version Link: https://www.litecart.net/downloading?version=1.3.3.1 Vendor Contact: email protected Vulnerability Type: XSS Remote Exploitable: Yes...
ZOHO ManageEngine EventLog Analyzer SQL Injection Vulnerability
ZOHO ManageEngine EventLog Analyzer is a system and event log analysis suite. The ZOHO ManageEngine EventLog Analyzer event/runQuery.do file fails to adequately filter the 'query' parameter, allowing remote attackers to exploit the vulnerability by submitting a specially crafted SQL query ...
ECE Projects 'tx_solr[q]' Parameter Cross-Site Scripting Vulnerability
ECE Projects is a project management application. ECE Projects has a cross-site scripting vulnerability in the 'tx_solr[q]' parameter, which allows remote attackers to inject malicious script or HTML code that can be used to gain access to sensitive information or...
LivelyCart SQL Injection Vulnerability
LivelyCart is a PHP online store based on jQuery. A SQL injection vulnerability exists in LivelyCart version 1.2.0. A remote attacker can exploit this vulnerability to execute arbitrary SQL commands via the 'searchquery' parameter in the product/search URI...
CVE-2015-5150
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the runqueryeditorquery module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp,...
CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...
DEBIAN-CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...
CVE-2015-5066
Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php...
UBUNTU-CVE-2015-1159
Cross-site scripting (XSS) vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...
Pimcore /misc/http-error-log _dc SQL Injection Vulnerability
Pimcore is a purely object-oriented system based on the Zend Framework, written in PHP 5. Pimcore /misc/http-error-log fails to properly handle the '_dc' GET parameter, allowing remote attackers to exploit the vulnerability by submitting specially crafted SQL queries to manipulate or obtain databa...
Fortinet FortiAnalyzer 'sql-query' Cross-Site Scripting Vulnerability
Fortinet FortiAnalyzer is a centralized network security reporting solution from the U.S. company Fortinet. It is mainly used to collect network log data and, through its reporting suite, to analyze and report on the security events, network traffic, Web content and so on recorded in the logs,...
OrangeHRM /index.php/admin/saveJobTitle jobTitleId parameter cross-site scripting vulnerability
OrangeHRM is an open source human resource management tool whose features include employee data management, an employee self-service system, attendance, allowances, recruitment and other functions. OrangeHRM has a cross-site scripting vulnerability because the /index.php/admin/saveJobTitle function...
SnipSnap 'query' parameter cross-site scripting vulnerability
SnipSnap is a free, easy-to-install weblog and wiki tool written in Java. A cross-site scripting vulnerability exists in the SnipSnap 'query' parameter because the program fails to properly process user-supplied input. This allows an attacker to steal cookie-based authentication credentials an...