Siemens Climatix BACnet/IP Communication Module Cross-Site Scripting Vulnerability

The Siemens Climatix BACnet/IP communication module is a communication module for BACnet networks from Siemens, Germany. A cross-site scripting vulnerability exists in the integrated web server in the Siemens Climatix BACnet/IP communication module using firmware versions prior to 10.34. A remote...

Symantec Data Loss Prevention Enforce Server Cross-Site Scripting Vulnerability

Symantec Data Loss Prevention DLP is a data leakage protection solution from Symantec Symantec. The program provides data leakage protection management and reporting and other functions. A cross-site scripting vulnerability exists in the management console in Enforce Server in Symantec DLP versio...

CVE-2015-1159

Cross-site scripting XSS vulnerability in the cgiputs function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/...

Opsview Cross-Site Scripting Vulnerability

Opsview is a suite of enterprise-class network, server and application monitoring tools from Opsview UK. The tool can be integrated with monitoring systems such as Nagios Core and RRDTool. A cross-site scripting vulnerability exists in Opsview 4.6.2 and earlier versions. A remote attacker can...

WordPress Genericons Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites on PHP and MySQL servers.Genericons is a set of free tools for creating blog icon fonts. A cross-site scripting vulnerability exists in the...

UBUNTU-CVE-2015-3429

Cross-site scripting XSS vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier...

McAfee ePolicy Orchestrator Product Configuration Feature Cross-Site Scripting Vulnerability

McAfee ePolicy Orchestrator is an industry-leading systems security management solution that helps organizations effectively defend against a wide range of malicious threats and attacks. A cross-site scripting vulnerability exists in the Product Configuration feature of the McAfee ePolicy...

Unspecified Cross-Site Scripting Vulnerability in Zenphoto

Zenphoto is a free photo gallery content management system developed by the Zenphoto team. The system manages images and supports multimedia such as audio and video. A cross-site scripting vulnerability exists in the image processor of Zenphoto versions prior to 1.4.7. A remote attacker can explo...

Apache Sling API and Sling Servlets Cross-Site Scripting Vulnerabilities

Apache Sling API is the United States Apache Apache Software Foundation's set of frameworks for building Web applications. Apache Sling Servlets Post is one of the container. Apache Sling API and Sling Servlets have a cross-site scripting vulnerability. Allow remote attackers to exploit the...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-03501)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

WordPress plugin WP Photo Album stores cross-site scripting vulnerabilities

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WP Photo Album. Due to the lack of user-supplied filters for scripts passed to the...

Moodle 'mod/quiz:grade' cross-site scripting vulnerability

Moodle is an open source web-based teaching and learning application. A cross-site scripting vulnerability exists in Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9 due to a failure of the Quiz manual-grading feature to be implemented correctly, which allows remote attackers to conduct a...

CVE-2015-0724

Multiple cross-site scripting XSS vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a 1 GET or 2 POST request, aka Bug ID CSCur25604...

Fortinet FortiAnalyzer 'sql-query' Cross-Site Scripting Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The solution is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

Dokeos 'forum' and 'origin' cross-site scripting vulnerabilities

Dokeos is an open source online education and course management system . The system supports file uploading , courseware production , notification and other teaching support functions. Dokeos 1.8.4 and previous versions of cross-site scripting vulnerabilities , the vulnerability stems from...

IBM WebSphere MQ XR WebSockets Listener Cross-Site Scripting Vulnerability

IBM WebSphere MQ is a messaging middleware product that provides a reliable and proven messaging backbone for Service Oriented Architecture SOA. A cross-site scripting vulnerability in IBM WebSphere MQ XR WebSockets Listener allows remote attackers to exploit the vulnerability to inject malicious...

Drupal Cloudwords for Multilingual Drupal module cross-site scripting vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. cloudwords for Multilingual Drupal is one of the modules that provides multiple language translations. A cross-site scripting vulnerability exists in the Drupal Cloudwords for...

Cisco Unified MeetingPlace Cross-Site Scripting Vulnerability (CNVD-2015-02651)

Cisco Unified MeetingPlace is the United States Cisco Cisco company's set of multimedia conferencing solutions. The solution provides a user environment that integrates voice, video and Web conferencing. A cross-site scripting vulnerability exists in the Web management interface of Cisco Unified...

Adobe ColdFusion suffers from an unspecified cross-site scripting vulnerability (CNVD-2015-02633)

Adobe ColdFusion is a dynamic Web server , its CFML is a programming language , similar to the current JSP in the JSTL. Adobe ColdFusion has an unspecified cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which c...

MediaWiki cross-site scripting vulnerability (CNVD-2015-02416)

MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in the Html class of MediaWiki. When the program uses a language variant, a remote attacker can exploit the vulnerability by replacing strings with LanguageConverter to inject arbitrary web script or HTML...