Internet Shortcut used in Necurs malspam campaign

The Necurs botnet continues to be one of the most prolific malicious spam distributors, with regular waves of carefully-crafted attachments that are used to download malware. The majority of malspam campaigns that we track are targeting Microsoft Office with documents containing either macros or...

CVE-2018-0711

Cross-site scripting XSS vulnerability in QNAP QTS 4.3.3 build 20180126, QTS 4.3.4 build 20180315, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML...

DiliCMS Cross-Site Scripting Vulnerability

DiliCMS aka DiligentCMS is a content management system CMS based on Codelgniter. A cross-site scripting vulnerability exists in the System Settings - Site Settings filing number field of the admin/index.php file in DiliCMS version 2.4.0. A remote attacker can exploit this vulnerability to inject...

Mitel MiVoice Connect Cross-Site Scripting Vulnerability

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the conference notificatio...

Mitel MiVoice Connect Cross-Site Scripting Vulnerability (CNVD-2018-08583)

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the conference notificatio...

CVE-2017-13073

Cross-site scripting XSS vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML...

UBUNTU-CVE-2018-9861

Cross-site scripting XSS vulnerability in the Enhanced Image aka image2 plugin for CKEditor in versions 4.5.10 through 4.9.1; fixed in 4.9.2, as used in Drupal 8 before 8.4.7 and 8.5.x before 8.5.2 and other products, allows remote attackers to inject arbitrary web script through a crafted IMG...

Fastspot BigTree Cross-Site Scripting Vulnerability (CNVD-2018-08553)

Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. A cross-site scripting vulnerability exists in the /core/inc/lib/less.php/test/index.php file in Fastspot BigTree version 4.2.22. A remote attacker can exploit this vulnerabili...

QNAP Cross-Site Scripting Vulnerability

QNAPS is a set of network storage devices from QNAP Systems, Inc. for home, SOHO, and SMB users. QNAPS is a network storage device for home, SOHO, and SMB users, and File Station is one of the file management applications. A cross-site scripting vulnerability exists in the shared links feature of...

WordPress Cross-Site Scripting Vulnerability (CNVD-2018-08609)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the generator tag in WordPress versions prior to 4.9.5, which...

Cacti cross-site scripting vulnerability (CNVD-2018-08667)

Cacti is an open source, web-based network monitoring and mapping tool, a front-end application designed for the data logging tool RRDtool. Cacti suffers from a cross-site scripting vulnerability. The vulnerability arises because the getcurrentpage function in lib/functions.php relies on...

Cross site scripting

Cross-site scripting XSS vulnerability in Open-AudIT Professional 2.1.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the Admin-Logs section with a logs?logs.type= URI and the Manage-Attributes section via the "Name display"...

SAP Solution Manager Incident Management Work Center Cross-Site Scripting Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

Dolibarr ERP/CRM Cross-Site Scripting Vulnerability (CNVD-2018-08335)

Dolibarr ERP/CRM is a Web-based enterprise resource planning ERP and customer relationship management CRM system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. A cross-site scripting vulnerability exists in Dolibarr ERP/CR...

Google Chrome interstitials command execution vulnerability

Google Chrome is a web browser developed by Google Inc. interstitials is one of the pop-up ads plug-ins. A security vulnerability exists in interstitials in Google Chrome, which stems from the program failing to properly validate user-submitted input. The vulnerability can be exploited by a remot...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2018-08048)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...

CVE-2018-9034

Cross-site scripting XSS vulnerability in lib/interface.php of the Relevanssi plugin 4.0.4 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the tab GET parameter...

CVE-2017-3967

Target influence via framing vulnerability in the web interface in McAfee Network Security Management NSM before 8.2.7.42.2 allows remote attackers to inject arbitrary web script or HTML via application pages inability to break out of 3rd party HTML frames...

iScripts EasyCreate Cross-Site Scripting Vulnerability

IScripts EasyCreate is a set of online website builder from Iscripts, Inc. The tool can be used on the server for the client to provide website building services , belong to the fully customizable . A cross-site scripting vulnerability exists in the Site Description field in IScripts EasyCreate...

Joomla! Joom Sky JS Jobs Extension Cross-Site Scripting Vulnerability

Joomla! is a U.S. Open Source Matters team developed a set of open source content management system CMS, the system provides RSS feeds, site search and other features . Joom Sky JS Jobs extension is used in one of the recruitment features with an extension . A cross-site scripting vulnerability...