CVE-2014-0208
CVE-2014-0208 is a Foreman XSS vulnerability in the search auto-completion, exploitable by remote authenticated users via a crafted key name in Foreman versions prior to 1.4.4. Root cause: reflected/stored XSS in the auto-complete input path (exact implementation details not provided in the docum...
CVE-2017-15279
Umbraco CMS prior to 7.7.3 contains an XSS vulnerability exploitable via the PageName/nodename parameter during new page creation. The issue arises from improper input sanitization, allowing an attacker’s script/HTML to be stored and subsequently served to users. Reported across multiple sources ...
CVE-2015-7318
CVE-2015-7318 affects Plone 3.3.0–3.3.6, where remote attackers could inject headers into HTTP responses. The primary source states vulnerable component/version and the impact is header injection in Plone’s HTTP responses. Public references indicate the issue is fixed by a vendor-provided securit...
CVE-2017-11396
Insufficient inspection of input parameters by the web service in Trend Micro Web Security Virtual Appliance 6.5 may allow attackers who already have administration rights to the console to perform remote code injection...
vBulletin VBSEO 'visitormessage.php' Remote Code Injection Vulnerability
vBulletin is an open source commercial Web forum program developed jointly by Internet Brands and vBulletin Solutions, Inc. of the United States. The vBulletin VBSEO module is an SEO management module. A security vulnerability exists in the functionsvbseohook.php file in the vBulletin VBSEO module...
CVE-2015-8349
Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php...
SUSE-SU-2017:2390-1 Security update for evince
This update for evince fixes the following issue: - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. bsc1046856...
CVE-2017-14048
BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php. NOTE: this can be exploited via CSRF...
CVE-2017-14048
BlackCat CMS 1.2 is affected. Remote authenticated users can inject arbitrary PHP code into info.php via a crafted new_modulename parameter to backend/addons/ajax_create.php, enabling code execution. The issue is also exploitable via CSRF; root cause is insufficient validation in ajax_create.php....
Cross site scripting
Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows remote attackers to inject arbitrary web script or HTML via a hyperlink in a document attachment...
SAP NetWeaver Visual Composer Remote Code Injection Vulnerability
SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform provides a development and runtime environment for SAP applications. A remote code injection vulnerability exists in SAP NetWeaver Visual Composer. An attacker could exploit the...
CVE-2017-6782
Cisco Prime Infrastructure (CPI) HTML Injection vulnerability CVE-2017-6782 allows an authenticated remote attacker to modify a page in the CPI administrative web interface due to improper sanitization of parameter values. Attack chain involves injecting code into an affected parameter and entici...
IBM Curam Social Program Management Remote Code Injection Vulnerability
IBM Curam Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the end-to-end social program delivery process. A remote code injection vulnerability exists in IBM Curam SPM. An attacker could exploit this vulnerability to inject or...
CVE-2015-2690
CVE-2015-2690 affects FreePBX Digium Addons (digiumaddoninstaller) before 2.11.0.7. Multiple XSS flaws exist in views/add-license-form.php invoked via admin/config.php (type=setup, display=digiumaddons, page=add-license-form, addon=ffa). The attacker can inject script/HTML through any of 12 param...
CVE-2017-2285
The CVE affects WordPress plugin Simple Custom CSS and JS prior to version 3.4. A reflected cross-site scripting (CWE-79) vulnerability allows an attacker to inject arbitrary script, potentially executing in a logged-in user’s browser. The exact attack vectors aren’t specified in the provided doc...
CVE-2017-11460
CVE-2017-11460 is a cross-site scripting (XSS) vulnerability in the DataArchivingService servlet of SAP NetWeaver Portal 7.4. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the responsecode parameter in shp/shp_result.jsp. Public sources consistently desc...
SUSE-SU-2017:1893-1 Security update for evince
This update for evince fixes the following issues: - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. bsc1046856, bgo784630...
SUSE-SU-2017:1894-1 Security update for evince
This update for evince fixes the following issues: - CVE-2017-1000083: Remote attackers could have used the comicbook mode of evince to inject shell code. bsc1046856, bgo784630...
CVE-2017-1000032
Cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parentid parameter to tree.php and the drpaction parameter to datasources.php...