JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

Cross-site Scripting Vulnerability in Hitachi Application Server Help

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Multiple Hitachi Products Online Help System Cross-Site Scripting Vulnerabilities

Hitachi Device Manager is a product of Hitachi, Japan. Hitachi Device Manager is a set of mobile device management software; Tiered Storage Manager is a set of tiered storage management software that can transparently migrate data between heterogeneous storage tiers; Replication Manager is a set ...

Mrs. Shiromuku Perl CGI shiromuku(u1) GUESTBOOK Cross-Site Scripting Vulnerability

Mrs. Shiromuku Perl CGI shiromukuu1 GUESTBOOK is a message board software. A cross-site scripting vulnerability exists in Mrs. Shiromuku Perl CGI shiromukuu1GUESTBOOK version 1.62 and earlier. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...

Plain Black WebGUI 'style-underground/search' cross-site scripting vulnerability

WebGUI is a CMS Content Management System software that is mainly used to facilitate the publishing and maintenance of website content. A cross-site scripting vulnerability exists in Plain Black WebGUI 'style-underground/search'. This allows remote attackers to execute arbitrary web script or HTM...

EUVD-2015-1559

Multiple cross-site scripting XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 horder, 2 jakcatid, 3 jakcontent, 4 jakcss, 5 jakdeletelog, 6 jakemail, 7 jakextfile, 8 jakfile, 9 jakhookshow, 10 jakimg, 11 jakjavascript, 12...

CVE-2014-9649

Cross-site scripting XSS vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...

DEBIAN-CVE-2014-9649

Cross-site scripting XSS vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message...

Pivotal Software RabbitMQ management plugin cross-site scripting vulnerability

Pivotal Software RabbitMQ is a British company Pivotal Software's set of implementation of the Advanced Message Queuing Protocol AMQP open source messaging agent software. rabbitMQ management is one of the management plug-in . A cross-site scripting vulnerability exists in the Pivotal Software...

MediaWiki Listings Extension Cross-Site Scripting Vulnerability

MediaWiki is a Wiki program. The MediaWiki Listings page fails to adequately filter the 'name' or 'url' parameter, which can be exploited by remote attackers to inject arbitrary web script or HTML...

Wordpress plugin Joomlaskin JS Multi Hotel cross-site scripting vulnerability

WordPress is a blogging platform developed by WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL.Joomlaskin JS Multi Hotel plugin is a hotel management plugin. A cross-site scripting vulnerability in the Wordpress plug...

ProjectSend Cross-Site Scripting Vulnerability

ProjectSend is a use of php to achieve the management of the project to send , based on ftp project management aspects of php source code to achieve . ProjectSend has a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML into the file upload...

Multiple Cross-Site Scripting Vulnerabilities in Cisco Secure Access Control Server (CNVD-2015-00230)

Cisco Secure ACS Access Control Server is a multifunction AAA authentication server. Multiple cross-site scripting vulnerabilities exist in Cisco Secure Access Control Server, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters...

IPCop Cross-Site Scripting Vulnerability

IPCop is a Linux-based firewall suite developed by IPCop team, which is mainly for home and SOHO users, providing firewall functions and allowing monitoring and management of various information through some TCP/IP business rules. A cross-site scripting vulnerability exists in versions prior to...

WordPress Plugin Relevanssi Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language, users can set up their own weblogs on servers that support PHP and MySQL databases.Relevanssi plugin is a WordPress search function enhancement plugin. A cross-site scripting vulnerability exists in WordPress plugin Relevanssi...

WordPress PhotoSmash plugin cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.PhotoSmash plugin is a plugin for adding photo albums. The WordPress PhotoSmash plugin has a cross-site scripting lea...

WordPress Plugin Sodahead Polls Has Multiple Cross-Site Scripting Vulnerabilities

WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Sodahead Polls plugin is a plugin for polls. WordPress plugin Sodahead Polls suffers from multiple cross-site scripting vulnerabilities...

Social Microblogging PRO Cross-Site Scripting Vulnerability

Social Microblogging PRO is a social microblogging. A cross-site scripting vulnerability in Social Microblogging PRO version 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO parameter to the default URL...

FiberHome-Modem-Router-HG-110

Exploit Title: Directory Path Traversal FiberHome Modem Router HG-110 / Remote Change DNS Servers Date: 22/09/2013 Exploit Author: Javier Perez - [email protected] - @thes41nt Vendor Homepage: http://hk.fiberhomegroup.com/ Version: HG110BHV1.6 import urllib import urllib2 ip = rawinput "Ent...

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2014-09212)

IBM WebSphere Portal is a framework - including runtime servers, services, tools, and many other features - that you can use to integrate your enterprise into a single, customizable interface called a portal. A cross-site scripting vulnerability in IBM WebSphere Portal versions 6.1.0 through...