UBUNTU-CVE-2015-3429

Cross-site scripting XSS vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment identifier...

McAfee ePolicy Orchestrator Product Configuration Feature Cross-Site Scripting Vulnerability

McAfee ePolicy Orchestrator is an industry-leading systems security management solution that helps organizations effectively defend against a wide range of malicious threats and attacks. A cross-site scripting vulnerability exists in the Product Configuration feature of the McAfee ePolicy...

The vulnerability of Google Chrome browser allows a perpetrator to inject commands into the executed script.

The core/html/parser/HTMLConstructionSite.cpp file of the Google Chrome browser contains errors related to inheritance. Exploiting this vulnerability allows a malicious actor to inject commands into the script executed by remotely controlling the system, using a specially crafted Java script...

Unspecified Cross-Site Scripting Vulnerability in Zenphoto

Zenphoto is a free photo gallery content management system developed by the Zenphoto team. The system manages images and supports multimedia such as audio and video. A cross-site scripting vulnerability exists in the image processor of Zenphoto versions prior to 1.4.7. A remote attacker can explo...

Apache Sling API and Sling Servlets Cross-Site Scripting Vulnerabilities

Apache Sling API is the United States Apache Apache Software Foundation's set of frameworks for building Web applications. Apache Sling Servlets Post is one of the container. Apache Sling API and Sling Servlets have a cross-site scripting vulnerability. Allow remote attackers to exploit the...

IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-03501)

IBM Business Process Manager BPM is a comprehensive set of business process management platform from IBM in the United States. The platform provides a range of tools related to process modeling, assembly, monitoring and deployment for business. A cross-site scripting vulnerability exists in IBM...

WordPress plugin WP Photo Album stores cross-site scripting vulnerabilities

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin WP Photo Album. Due to the lack of user-supplied filters for scripts passed to the...

Moodle 'mod/quiz:grade' cross-site scripting vulnerability

Moodle is an open source web-based teaching and learning application. A cross-site scripting vulnerability exists in Moodle versions prior to 2.6.11, 2.7.8, 2.8.6, and 2.9 due to a failure of the Quiz manual-grading feature to be implemented correctly, which allows remote attackers to conduct a...

CVE-2015-0724

Multiple cross-site scripting XSS vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a 1 GET or 2 POST request, aka Bug ID CSCur25604...

Fortinet FortiAnalyzer 'sql-query' Cross-Site Scripting Vulnerability

Fortinet FortiAnalyzer is a set of centralized network security reporting solutions from the U.S. company Fiat Fortinet. The solution is mainly used to collect network log data, and through the reporting suite of security events in the log, network traffic, Web content, etc. to analyze, report,...

Dokeos 'forum' and 'origin' cross-site scripting vulnerabilities

Dokeos is an open source online education and course management system . The system supports file uploading , courseware production , notification and other teaching support functions. Dokeos 1.8.4 and previous versions of cross-site scripting vulnerabilities , the vulnerability stems from...

IBM WebSphere MQ XR WebSockets Listener Cross-Site Scripting Vulnerability

IBM WebSphere MQ is a messaging middleware product that provides a reliable and proven messaging backbone for Service Oriented Architecture SOA. A cross-site scripting vulnerability in IBM WebSphere MQ XR WebSockets Listener allows remote attackers to exploit the vulnerability to inject malicious...

Drupal Cloudwords for Multilingual Drupal module cross-site scripting vulnerability

Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. cloudwords for Multilingual Drupal is one of the modules that provides multiple language translations. A cross-site scripting vulnerability exists in the Drupal Cloudwords for...

Cisco Unified MeetingPlace Cross-Site Scripting Vulnerability (CNVD-2015-02651)

Cisco Unified MeetingPlace is the United States Cisco Cisco company's set of multimedia conferencing solutions. The solution provides a user environment that integrates voice, video and Web conferencing. A cross-site scripting vulnerability exists in the Web management interface of Cisco Unified...

Adobe ColdFusion suffers from an unspecified cross-site scripting vulnerability (CNVD-2015-02633)

Adobe ColdFusion is a dynamic Web server , its CFML is a programming language , similar to the current JSP in the JSTL. Adobe ColdFusion has an unspecified cross-site scripting vulnerability that allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which c...

MediaWiki cross-site scripting vulnerability (CNVD-2015-02416)

MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in the Html class of MediaWiki. When the program uses a language variant, a remote attacker can exploit the vulnerability by replacing strings with LanguageConverter to inject arbitrary web script or HTML...

Kemp Virtual LoadMaster /progs/geoctrl/doadd fqdn stored cross-site scripting vulnerability

Kemp Virtual LoadMaster is a virtual load balancer. Kemp Virtual LoadMaster /progs/geoctrl/doadd handles the fqdn parameter cross-site scripting vulnerability, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code that can be used to gain access to...

DEBIAN-CVE-2015-2939

Cross-site scripting XSS vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace...

DEBIAN-CVE-2015-2934

MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xmlparse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file...

DEBIAN-CVE-2015-2933

Cross-site scripting XSS vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant...