
6720 matches found

RedhatCVE
added 2017/04/06 3:18 p.m. | 24 views

CVE-2017-7463

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...

CVSS 6.1 | AI score 6.1 | EPSS 0.01818
Exploits: 0 | References: 1

CNVD
added 2017/04/06 12:0 a.m. | 1 view

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists i...

CVSS 5.4 | AI score 6.5 | EPSS 0.01177
Exploits: 0 | References: 1

CNVD
added 2017/03/31 12:0 a.m. | 1 view

CherryMusic Cross-Site Scripting Vulnerability

CherryMusic is a music streaming server based on CherryPy and jPlayer. A cross-site scripting vulnerability exists in CherryMusic, which can be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, due to the program...

CVSS 5.4 | AI score 6.8 | EPSS 0.00847
Exploits: 0 | References: 1

BDU FSTEC
added 2017/03/31 12:0 a.m. | 4 views

The vulnerability of the Internet Explorer browser, which allows a violator to obtain confidential information

The vulnerability of the VBS script execution mechanism in Internet Explorer is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information from the process’s memory through a specially crafted...

CVSS 4.3 | AI score 6.7 | EPSS 0.38918
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2017/03/30 12:0 a.m. | 3 views

Gazelle cross-site scripting vulnerability (CNVD-2017-05628)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19. A remote attacker can exploit the vulnerability to execute arbitrary HTML and script...

CVSS 6.1 | AI score 6.5 | EPSS 0.01073
Exploits: 0 | References: 1

CNVD
added 2017/03/27 12:0 a.m. | 1 view

Unspecified Cross-Site Scripting Vulnerability in Trend Micro ServerProtect for Linux

Trend Micro ServerProtect for Linux is an enterprise-grade anti-virus program that runs on Linux. An unspecified cross-site scripting vulnerability exists in Trend Micro ServerProtect for Linux, which is caused by a failure to validate user-submitted data. The vulnerability can be exploited to...

AI score 7
Exploits: 0 | References: 1

OSV
added 2017/03/23 10:59 p.m. | 3 views

CVE-2017-7248

A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...

CVSS 6.1 | AI score 6 | EPSS 0.01051
Exploits: 0 | References: 3

Japan Vulnerability Notes
added 2017/03/23 3:23 a.m. | 2 views

WordPress plugin "YOP Poll" vulnerable to cross-site scripting

Overview: The WordPress plugin "YOP Poll" contains a stored cross-site scripting (CWE-79) vulnerability. Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

CVSS 5.4 | AI score 5.9 | EPSS 0.00936
Exploits: 0 | References: 7

OSV
added 2017/03/21 6:59 a.m. | 4 views

DEBIAN-CVE-2017-7203

A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and scrip...

CVSS 6.1 | AI score 6.3 | EPSS 0.00812
Exploits: 1 | References: 1

RedHat Linux
added 2017/03/16 9:9 p.m. | 5 views

Dashbuilder: Reflected XSS

JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...

CVSS 6.1 | AI score 6.1 | EPSS 0.0166
Exploits: 0 | References: 4

CNVD
added 2017/03/16 12:0 a.m. | 1 view

Mozilla Firefox MFSA has multiple vulnerabilities (CNVD-2017-04172)

Mozilla Firefox is an open source web browser. Multiple vulnerabilities exist in Mozilla Firefox. An attacker could use this vulnerability to bypass security restrictions to perform unauthorized operations, obtain sensitive information, execute arbitrary script code in the affected application's...

CVSS 9.8 | AI score 9 | EPSS 0.01893
Exploits: 1 | References: 1

CNVD
added 2017/03/16 12:0 a.m. | 2 views

Mozilla Firefox/Thunderbird Memory Corruption Vulnerability (CNVD-2017-03835)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A memory corruption vulnerability exists in Mozilla Firefox/Thunderbird. An attacker can exploit the vulnerability to execu...

CVSS 10 | AI score 8.9 | EPSS 0.03753
Exploits: 0 | References: 1

CNVD
added 2017/03/16 12:0 a.m. | 3 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-03606)

Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists i...

CVSS 5.4 | AI score 6.8 | EPSS 0.00855
Exploits: 0 | References: 1

CNVD
added 2017/03/16 12:0 a.m. | 1 view

SAP Enterprise Portal 'styleservice' Cross-Site Scripting Vulnerability

SAP Enterprise Portal is an application integration platform from the German company SAP, which integrates enterprise business information, enterprise applications and services, and presents them to the operator through an independent Web-based user interface. A cross-site scripting...

AI score 6.7
Exploits: 0 | References: 1

CNVD
added 2017/03/16 12:0 a.m. | 3 views

Lutim Cross-Site Scripting Vulnerability

Lutim means Let's Upload That Image and can be used to store images. Lutim suffers from a cross-site scripting vulnerability due to the program failing to adequately validate user-supplied input. When an unsuspecting user browses the affected site, an attacker could exploit this vulnerability to...

CVSS 6.1 | AI score 6.8 | EPSS 0.00981
Exploits: 0 | References: 1

CNVD
added 2017/03/16 12:0 a.m. | 4 views

HP LoadRunner/Performance Center Heap Buffer Overflow Vulnerability

HP Intelligent Management Center (iMC) is a set of network intelligent management center solutions from Hewlett-Packard (HP). A remote heap buffer overflow vulnerability exists in HP LoadRunner/Performance Center, which originates from a failure to perform sufficient boundary checks before copying us...

CVSS 9.8 | AI score 7.9 | EPSS 0.17864
Exploits: 0 | References: 1

CVE
added 2017/03/15 12:0 a.m. | 40 views

CVE-2017-6906

SiberianCMS before 4.10.0 is vulnerable due to insufficient filtration of user-supplied data (log) passed to SiberianCMS-master/errors/500.php, allowing an attacker to execute arbitrary HTML/JavaScript in the context of the vulnerable website. This risk is documented with CVSS metrics (MEDIUM). N...

CVSS 6.1 | AI score 6.3 | EPSS 0.00747
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2017/03/13 12:0 a.m. | 3 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03615)

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

CVSS 5.4 | AI score 6.9 | EPSS 0.03016
Exploits: 1 | References: 1

CNVD
added 2017/03/13 12:0 a.m. | 2 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03618)

WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

CVSS 5.4 | AI score 6.9 | EPSS 0.02094
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/03/08 12:57 a.m. | 2 views

OneThird CMS vulnerable to cross-site scripting

Overview: OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form. Note that this vulnerability is different from JVN49408248. Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication...

CVSS 6.1 | AI score 6.1 | EPSS 0.01146
Exploits: 0 | References: 5