Joomla! googleSearch (CSE) component cross-site scripting vulnerability

Joomla! is an open source content management system. googleSearch component for Joomla! is a custom search engine component for Joomla! A cross-site scripting vulnerability in googleSearch component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q paramet...

WordPress sourceAFRICA plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's suite of blogging platforms developed in the PHP language, which supports personal blog sites on PHP and MySQL servers. sourceAFRICA is one of the plug-ins for the African Network of Centers for Investigative Reporting that allows journalists to...

MediaWiki SemanticForms Extended Cross-Site Scripting Vulnerability (CNVD-2015-05872 (CNVD-C-2015-47230))

MediaWiki is the United States Wikimedia Wikimedia Foundation and MediaWiki volunteers to develop and maintain a set of free and free Web-based Wiki engine , it can be used to deploy internal knowledge management and content management system . SemanticForms is one of the extensions used to creat...

MediaWiki SemanticForms extension cross-site scripting vulnerability (CNVD-2015-05873)

MediaWiki is the United States Wikimedia Wikimedia Foundation and MediaWiki volunteers to develop and maintain a set of free and free Web-based Wiki engine , it can be used to deploy internal knowledge management and content management system . SemanticForms is one of the extensions used to creat...

Drupal Time Tracker module cross-site scripting vulnerability (CNVD-2015-05876)

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community.Time Tracker is one of the modules of the time tracking system. A cross-site scripting vulnerability exists in the Drupal Time Tracker module version 7.x-1.4 prior to 7.x-1.x. The...

OkCupid OKWS Cross-Site Scripting Vulnerability

OkCupid OKWS OK Web Server is a web server for creating web services. A security vulnerability exists in the libahttp/err.c file of OkCupid OKWS, which originates from a non-existent page that does not adequately filter the 'PATHINFO' value. A remote attacker could use this vulnerability to injec...

PHP Kobo Photo Gallery CMS for PC/smartphone and feature phone Cross Site Scripting Vulnerability

PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone is a photo gallery content management system CMS for PC, smartphone and feature phone from PHP Kobo Japan. A cross-site scripting vulnerability exists in the jquery.lightbox-0.5.min.js file in PHP Kobo Photo Gallery CMS for PC,...

Coppermine Photo Gallery Cross-Site Scripting Vulnerability

Coppermine Photo Gallery is a Web-based album management system. The system provides user management , album password access restrictions and automatic generation of thumbnails and other functions . A cross-site scripting vulnerability exists in the installclassic.php script of Coppermine Photo...

CVE-2015-3219

Cross-site scripting XSS vulnerability in the Orchestration/Stack section in OpenStack Dashboard Horizon 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbitrary web script or HTML via the description parameter in a heat template, which is not properly handl...

Best Practical Solutions Request Tracker Cross-Site Scripting Vulnerability

Best Practical Solutions Request Tracker RT is an enterprise-grade, open source issue tracking system from Best Practical Solutions in the United States. The system has Bug tracking , customer service , customized workflow and other features . A cross-site scripting vulnerability exists in Best...

CVE-2014-9743

Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...

UBUNTU-CVE-2014-9743

Cross-site scripting XSS vulnerability in the httpdHtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info...

Cisco IM and Presence Service Cross-Site Scripting Vulnerability

Cisco IM and Presence Service is the United States Cisco Cisco company's suite of software can provide enterprise-class instant messaging and network presence services. A cross-site scripting vulnerability exists in Cisco IM and Presence Service versions prior to 10.5 MR1, which stems from the...

CVE-2015-3440

Cross-site scripting XSS vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type...

Cisco WebEx Meeting Cross-Site Scripting Vulnerability

Cisco WebEx Meetings are web conferencing solutions. Cisco WebEx Meeting Center suffers from a cross-site scripting vulnerability in its implementation, which can be exploited by remote attackers to inject arbitrary web script or HTML via unspecified values...

jquery-ui: XSS vulnerability in jQuery.ui.dialog title option

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

Cisco Hosted Collaboration Solution Cross-Site Scripting Vulnerability

Cisco Hosted Collaboration Solution HCS is a suite of hosted collaboration solutions from the U.S. company Cisco Cisco. The solution includes Cisco TelePresence, Customer Collaboration Contact Center and Unified Communications products to support customers in the public cloud, private cloud and...

TYPO3 '404 Page not found handling' extension cross-site scripting vulnerability

TYPO3 is a free and open source content management system. 404 Page not found handling is a 404 Page not found handling extension plugin. A cross-site scripting vulnerability exists in the TYPO3 '404 Page not found handling' extension that allows remote attackers to exploit the vulnerability to...

Creative X-Cart Cross-Site Scripting Vulnerability

Creative X-Cart is a Russian company Creative open source PHP e-commerce software . The software provides favorites , order records and inventory management modules. A cross-site scripting vulnerability exists in Creative X-Cart 4.5.0 and earlier versions. A remote attacker can exploit this...

ArcGIS Desktop/Engine/Server Cross-Site Scripting Vulnerability

The ArcGIS for Server software platform enables users to create, manage, and distribute GIS services over the Web and to support desktop software applications, mobile terminal applications, and Web mapping applications in the form of services. Multiple cross-site scripting vulnerabilities exist i...