Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.52.3009 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238...
IBM WebSphere Application Server XSS Vulnerability (swg21647522)
IBM WebSphere Application Server is prone to a cross-site scripting (XSS) vulnerability.
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918...
CVE-2015-8759
CVE-2015-8759 describes a Cross-site Scripting (XSS) vulnerability in TYPO3. The flaw lies in the typoLink function, making TYPO3 6.2.x prior to 6.2.16 and 7.x prior to 7.6.1 susceptible when a link field is crafted by an authenticated editor. Impact described: ability to inject arbitrary web scr...
CVE-2015-8758
TYPO3 CVE-2015-8758 affects frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1. The vulnerability is a frontend XSS vulnerability allowing remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. Root cause: cross-site scripting in unspecified fr...
CVE-2015-8756
CVE-2015-8756 affects TYPO3 6.2.x before 6.2.16 in the Indexed Search (indexed_search) component, where the search results view is vulnerable to cross-site scripting. The underlying issue allows a remote authenticated editor to inject arbitrary web script/HTML via unspecified vectors. The documen...
CVE-2015-7252
The CVE-2015-7252 entry describes a reflected XSS in the ZTE ZXHN H108N R1A (and affected W300) devices’ webproc CGI, via the errorpage parameter. The vulnerability allows remote injection of script/HTML and could enable session-related issues or credential exposure as part of broader multi-CVE f...
A vulnerability in Microsoft Exchange Server allows an attacker to inject arbitrary web script or HTML code.
The vulnerability in Microsoft Exchange Server web applications exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web script or HTML code remotely...
A vulnerability in the firmware of Micrologix 1100 and 1400 programmable logic controllers allows an attacker to inject arbitrary web script or HTML code
The vulnerability in the web servers of Micrologix 1100 and 1400 programmable logic controllers exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web script or HTML code remotely...
A vulnerability in the firmware of Janitza UMG 508, 509, 511, 604, 605 power supply monitoring systems allows an attacker to inject arbitrary web script or HTML code.
The vulnerability in the web interface of the firmware for Janitza UMG 508, 509, 511, 604, 605 power supply network monitoring systems exists due to the lack of measures taken to protect the structure of the web pages. Exploiting this vulnerability allows a malicious actor to inject...
http-vuln-cve2014-8877 NSE Script
Exploits a remote code injection vulnerability (CVE-2014-8877) in WordPress CM Download Manager plugin. Versions <= 2.0.0 are known to be affected. CM Download Manager plugin does not correctly sanitise the user input which allows remote attackers to execute arbitrary PHP code via the CMDsearch...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment...
Multiple Vulnerabilities found in ZHONE
Vantage Point Security Advisory 2015-002; Title: Multiple Vulnerabilities found in ZHONE; Vendor: Zhone; Vendor URL: http://www.zhone.com ; Device Model: ZHONE ZNID GPON 2426A (24xx, 24xxA, 42xx, 42xxA, 26xx, and 28xx series models); Versions affected: S3.0.501...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder...
ZHONE ZNID GPON < 3.1.241 Multiple Vulnerabilities
ZHONE ZNID GPON is vulnerable to multiple vulnerabilities.
NTP ntpd Code Injection Vulnerability
ntpd (Network Time Protocol daemon) is an operating system daemon that uses the Network Time Protocol (NTP) to keep synchronized with the system time of a time server. A security vulnerability exists in the 'read_network_packet' function in the ntp_io.c file in ntpd in versions 4.x prior to NTP 4.2.8p1...
A vulnerability in the Microsoft SharePoint Foundation electronic document management system allows an attacker to inject arbitrary web script or HTML code.
The vulnerability in the Microsoft SharePoint Foundation e-mail delivery system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web script or HTML code remotely...
Code injection
Cisco Secure Access Control Server (ACS) Solution Engine 5.70.15 allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694...
CVE-2015-6909
Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file...