Proxmox Mail Gateway Cross-Site Scripting Vulnerability

Proxmox Mail Gateway is an e-mail gateway product from Proxmox Server Solutions, Austria. The product protects e-mail from virus, phishing and Trojan horse threats. A cross-site scripting vulnerability exists in versions prior to Proxmox Mail Gateway hotfix 4.0-8-097d26a9. A remote attacker can...

Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2017-06734)

Exponent CMS is a free, open source, modular PHP-based content management system CMS. The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. A cross-site scripting vulnerability exists in the...

WordPress Plugin Delete All Comments Arbitrary File Upload

On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000 active installations. Because a part of the delete-all-comments.php main script is not restricted to the administrator, any...

DEBIAN-CVE-2016-6333

Cross-site scripting XSS vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css...

CVE-2016-4888

Cross-site scripting XSS vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2016-2104

Multiple cross-site scripting XSS vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via 1 the label parameter to admin/BunchDetail.do; 2 the packagename, 3 searchsubscribedchannels, or 4 channelfilter parameter to software/packages/NameOverview.d...

UBUNTU-CVE-2015-8864

Cross-site scripting XSS vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068...

CVE-2016-1179

Cross-site scripting XSS vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...

CVE-2017-3125

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

Pixie Cross-Site Scripting Vulnerability

Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4, which stems from the program not properly validating user-submitted input. A remote attacker can...

Pixie cross-site scripting vulnerability (CNVD-2017-04817)

Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4. As the program fails to properly validate user-submitted input. A remote attacker can exploit th...

CherryMusic Cross-Site Scripting Vulnerability

CherryMusic is a music streaming server based on CherryPy and jPlayer. A cross-site scripting vulnerability exists in CherryMusic, which can be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, due to the program...

Gazelle cross-site scripting vulnerability (CNVD-2017-05628)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19. A remote attacker can exploit the vulnerability to execute arbitrary HTML and script...

Nextcloud Server and ownCloud Server Cross-Site Scripting Vulnerabilities

ownCloud is a free and open source personal cloud storage solution from German company ownCloud. nextcloud is an open source self-hosted file synchronization and sharing communication application platform. ownCloud Server and Nextcloud Server are both a server version of one of them. A cross-site...

Gazelle Cross-Site Scripting Vulnerability

Gazelle is a set of web frameworks for BitTorrent trackers. Gazelle suffers from a cross-site scripting vulnerability where the type parameter is not filtered in the Gazelle-master/sections/better/transcode.php file. A remote attacker can exploit this vulnerability to execute arbitrary HTML and...

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04905)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. Revive Adserver has a cross-site scripting vulnerability. A remote attacker can exploit this vulnerability to...

CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2017-04705)

CMS Made Simple CMSMS is an open source content management system CMS developed by the CMSMS team. The system supports role-based rights management system , wizard-based installation and update mechanism , intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in the...

IBM Call Center for Commerce Cross-Site Scripting Vulnerability

IBM Call Center for Commerce is a Web-based call center solution. The solution supports providing CSRs Customer Service Representatives with a single point of access to business information as well as comprehensive multi-channel interactions with customers. A cross-site scripting vulnerability...

CVE-2017-0110

Cross-site scripting XSS vulnerability in Microsoft Exchange Outlook Web Access OWA allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability."...

DEBIAN-CVE-2016-10203

Cross-site scripting XSS vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor...