CVE-2017-16018

Restify vulnerability CVE-2017-16018 affects the restify framework (versions 2.0.0 through 4.0.4). The issue is a Cross‑Site Scripting (XSS) vulnerability that occurs when URL encoded script tags are used in a non-existent URL, allowing an attacker to run script in some browsers. The practical im...

CVE-2018-11552

There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON-Auto-Dialer-Agents-Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable applicati...

Trihedral Engineering Limited VTScada ICSA-17-304-0 has multiple vulnerabilities

Trihedral VTScada formerly known as VTS is a SCADA system from Trihedral Engineering, Canada, based on a Windows platform with a Web interface option. Trihedral Engineering Limited VTScada has multiple vulnerabilities. An attacker could execute arbitrary script code in the affected application or...

Unspecified Cross-Site Scripting Vulnerability in SAP SAPUI5

SAP SAPUI5 is a UI technology that provides everything you need to build enterprise-class Web applications. SAP SAPUI5 suffers from an unspecified cross-site scripting vulnerability that stems from the program not properly validating user-supplied input. A remote attacker could use this...

WordPress plugin "Site Reviews" vulnerable to cross-site scripting

Overview The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Keita Uchida of TDU Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

Overview The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...

JVN#16471686: WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting

The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provid...

Multiple Vulnerabilities in Jenkins Global Build Stats Plugin

Jenkins is an open source automation server.Jenkins provides a number of plug-ins that support building, deploying and automating projects.Global Build Stats is one of the plug-ins that allows to collect and display global build results statistics. The Jenkins Global Build Stats plugin has multip...

Multiple Cross-Site Scripting Vulnerabilities in Joomla! Core

Joomla! is an open source content management system CMS. The system provides RSS feeds , site search and other features . Joomla! Core is a Joomla! core. Multiple cross-site scripting vulnerabilities exist in Joomla! Core versions prior to 3.8.8, which stem from the program failing to properly...

WebSocket Live Chat - Cross-Site Scripting

WebSocket Live Chat - Cross-Site Scripting Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click...

HPE UCMDB Configuration Manager Software Cross-Site Scripting Vulnerability

HPE UCMDB full name Universal CMDB is the United States Hewlett Packard Enterprise HPE company's set of resource management solutions. The solution provides from the bottom up including IT infrastructure auto-discovery, data modeling, service mapping definition and service impact analysis, etc...

WordPress Imagely NextGEN Gallery Cross-Site Scripting Vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Imagely NextGen Gallery is one of the gallery management systems. A cross-site scripting vulnerability exists in Image Alt &...

Tenable Nessus Cross-Site Scripting Vulnerability (CNVD-2018-10667)

Tenable Network Security Nessus is a highly scalable open source vulnerability scanner from Tenable Network Security, USA. A cross-site scripting vulnerability exists in Tenable Network Security Nessus versions prior to 7.1.0, which stems from the program failing to properly perform input...

WordPress Ultimate Member Plugin < 2.0.4 Multiple Vulnerabilities

The WordPress plugin Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

SAP Netweaver Cross-Site Scripting Vulnerability (CNVD-2018-12922)

SAP NetWeaver is the German SAP SAP company's set of service-oriented integrated application platform, the platform can provide development and operation environment for SAP applications. A cross-site scripting vulnerability exists in SAP NetWeaver, which stems from the program failing to properl...

Microsoft SharePoint Server Elevation of Privilege Vulnerability (CNVD-2018-11000)

Microsoft SharePoint Enterprise Server 2013 SP1, SharePoint Enterprise Server 2016, and SharePoint Server 2010 SP2 are enterprise business collaboration platforms from Microsoft Corporation USA used for the integration of Access is one of the database components. A privileged access vulnerability...

CVE-2018-9111

Cross Site Scripting XSS exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser...

RT-AC1200HP vulnerable to cross-site scripting

Overview RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting

The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...

Mitel MiVoice Connect Cross-Site Scripting Vulnerability (CNVD-2018-08583)

Mitel MiVoice Connect R1707-PREM and Mitel ST are both products of Mitel Canada.Mitel MiVoice Connect R1707-PREM is a Unified Communications Management Appliance.ST is a videoconferencing product.conferencing is one of the notification components. conferencing is one of the conference notificatio...