3009 matches found
CVE-2014-2326
Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
perl-HTTP-Body: update to 1.19 release with security fixes (important)
perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when uploading files...
Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities
Document Title: =============== Dell SonicWall EMail Security 7.4.5 - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1191 Dell SonicWall Security Bulletin:...
CVE-2013-7343
CVE-2013-7343 describes a cross-site scripting (XSS) vulnerability in Flowplayer’s Flash fallback component, specifically in the flowplayer.swf used by Flowplayer HTML5 5.4.3. The issue allows remote attackers to inject arbitrary web script or HTML by abusing URL encoding within the name of the c...
CVE-2014-1904
Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action...
Joomla Freichat Cross Site Scripting
Hello, Multiple cross-site scripting (XSS) vulnerabilities in Freichat component for Joomla! allow remote attackers to inject arbitrary web script or HTML code via (1) the id or xhash parameters to /client/chat.php or (2) the toname parameter to /client/plugins/upload/upload.php. File: /client/chat.php...
Fonality trixbox - 'mac' Remote Code Injection
App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think they have better product than the Award...
Fonality trixbox - mac Remote Code Injection
Fonality trixbox - mac Remote Code Injection App : Trixbox all versions vendor : trixbox.com Author : i-Hmx mail : [email protected] Home : security arrays inc , sec4ever.com ,exploit4arab.net Well well well , we decided to give schmoozecom a break and have a look @ fonality products do you think...
CVE-2013-3943
CVE-2013-3943 (DotNetNuke/DNN): XSS in Display Name field. Affected: DNN versions before 6.2.9 and 7.x before 7.1.1. Description: remote authenticated users can inject arbitrary script/HTML via the Display Name in Manage Profile, indicating a persistent XSS vulnerability. Connection details fro...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING to admin/index.php...
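synetics i-doit pro API Cross-Site Scripting Vulnerability
BUGTRAQ ID: 65957 CVE ID: CVE-2014-2231 Synetics i-doit is a web-based open-source IT documentation and CMDB (configuration management database) tool from the German company Synetics. It records information about IT systems and their changes and supports emergency planning for system changes, ultimately ensuring stable and efficient operation of the IT network. The API in synetics i-doit versions before 1.2.5 has a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML via the property. 0 synetics GmbH i-doit 1.2.4 synetics GmbH i-doit 1.1.1 synetics GmbH i-doit 1.1.2...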
CVE-2014-1695
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.20, 3.2.x before 3.2.15, and 3.3.x before 3.3.5 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML email...
CVE-2014-0081
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/actionview/helpers/numberhelper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remote attackers to inject arbitrary web script or HTML via the (1) format, (2) negativeformat, or (3) units...
CVE-2013-7316
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html...
EUVD-2013-5847
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...
CVE-2013-6923
The CVE-2013-6923 issue affects Seagate BlackArmor NAS sg2000-2000 with firmware sg2000-2000.1331. It describes two persistent XSS risks: (1) fullname input in admin/access_control_user_edit.php and (2) workname input in admin/network_workgroup_domain.php. The root cause is failure to sanitize us...
CVE-2013-7277
Andy’s PHP Knowledgebase (Aphpkb) is affected by CVE-2013-7277 via multiple XSS vectors in versions before 0.95.8: (1) HTTP Referer header to saa.php, (2) username parameter to login.php, and (3) keyword_list parameter to keysearch.php. The underlying issue enables a remote attacker to inject arb...
CVE-2013-5573
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...
PT-2014-79: Cross-Site Scripting in ShopOS
The specialists of the Positive Research center have detected a Cross-Site Scripting vulnerability in ShopOS. Cross-site scripting in the market.php script allows remote attackers to inject arbitrary HTML tags including JavaScript scripts, etc. to a page processed by user's browser. How to fix No...
CVE-2013-7077
CVE-2013-7077 is a TYPO3 Backend User Administration Module cross-site scripting (XSS) vulnerability affecting TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Remediation per TYPO3 core advisory TY...