6719 matches found
Cisco UCS Central Software Cross-Site Scripting Vulnerability (CNVD-2017-36134)
Cisco UCS Central Software is a solution from Cisco (USA) for managing and monitoring Cisco UCS (Unified Computing System) server resources globally. A cross-site scripting vulnerability exists in the web-based management interface of Cisco UCS Central Software, which...
Multiple vulnerabilities in multiple Buffalo broadband routers
Overview: BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting (CWE-79) - CVE-2017-10896; Improper Input Validation (CWE-20) - CVE-2017-10897. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...
Cross-site Scripting Vulnerability in JP1/Operations Analytics
Overview: A cross-site scripting vulnerability was found in JP1/Operations Analytics. Impact: Remote users can exploit this vulnerability to execute malicious scripts. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
CVE-2017-12356
A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is du...
Cisco Registered Envelope Service Cross-Site Scripting Vulnerability (CNVD-2017-34811)
Cisco Registered Envelope Service is a set of mail service solutions from Cisco (USA). The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in the web interface in Cisco...
CA Identity Governance Cross-Site Scripting Vulnerability
CA Identity Governance is a suite of identification and management solutions from CA (USA). A cross-site scripting vulnerability exists in CA Identity Governance version 12.6. A remote attacker could exploit the vulnerability to display HTML or execute scripts in the context of other users...
UBUNTU-CVE-2017-7834
A "data:" URL loaded in a new tab did not inherit the Content Security Policy (CSP) of the original page, allowing for bypasses of the policy including the execution of JavaScript. In prior versions when "data:" documents also inherited the context of the original page this would allow for potentia...
CS-Cart Japanese Edition vulnerable to cross-site scripting
Overview: CS-Cart is a system for creating online shopping websites. CS-Cart Japanese Edition contains a cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-33750)
Fortinet FortiOS is a security operating system developed by Fortinet (USA) for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A cross-site scripti...
Artica Pandora FMS Cross-Site Scripting Vulnerability
Artica Pandora FMS (Flexible Monitoring System) is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. A security vulnerability exists in Artica Pandora FMS version 7.0. An attacker could exploit th...
SAP Customer Relationship Management Email Form Editor Cross-Site Scripting Vulnerability
SAP Customer Relationship Management is a customer relationship management solution. A cross-site scripting vulnerability exists in the SAP Customer Relationship Management email form editor because it does not properly filter user-supplied input. A remote attacker could exploit this vulnerabilit...
D-Link DSL-2740E HTML Injection Vulnerability
The D-Link DSL-2740E is a wireless router product from D-Link. A security vulnerability exists in the D-Link DSL-2740E version 1.00BG20150720, which originates from the program failing to properly filter user-submitted input. A remote attacker can exploit the vulnerability to execute arbitrar...
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34194)
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise are both products of IBM Corporation of the U.S.A. IBM Cloud Orchestrator is a suite of solutions that provides cloud management for IT services and accelerates the delivery of software and infrastructure. IBM Cloud IBM Cloud Orchestrato...
Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-36080)
Fortinet FortiOS is a security operating system developed by Fortinet (USA) for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. A cross-site...
UBUNTU-CVE-2012-4377
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
SAP Customer Relationship Management Java administration console cross-site scripting vulnerability
SAP Customer Relationship Management (CRM) is a set of customer relationship management solutions from SAP. The program includes sales management, marketing management, customer service systems and other modules. The Java administration console is one of its Java administration consoles. A cross-sit...
TeamPass Cross-Site Scripting Vulnerability (CNVD-2017-30335)
TeamPass is a dedicated password manager for Apache, MySQL and PHP. A cross-site scripting vulnerability exists in versions prior to TeamPass 2.1.27.9 that stems from the program failing to adequately filter data. A remote attacker can exploit this vulnerability to execute arbitrary HTML or scrip...
HP ArcSight Enterprise Security Manager Cross-Site Scripting Vulnerability (CNVD-2017-30915)
HP ArcSight ESM (Enterprise Security Manager) and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise (HPE). The software collects, correlates and reports on enterprise-wide security events in real time...
Mail.ru: Stored XSS using SVG on subdomain infra.mail.ru
It was possible to execute script in the context of https://infra.mail.ru:8080/ by publishing a static script-containing file such as SVG or XML in the "Infra" service. This context doesn't use cookies for authentication, but XSS could allow phishing / content spoofing. This problem was addressed b...
CVE-2017-12257
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...