OwnCloud Gallery Application HTML Injection Vulnerability

OwnCloud is a free and open source personal cloud storage solution from German company OwnCloud. The solution offers file management, music storage, calendars and more. An HTML injection vulnerability exists in the OwnCloud Gallery Application, which could be exploited by an attacker to steal...

IBM Cúram Social Program Management Cross-Site Scripting Vulnerability

IBM Cúram Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Cúram Social Program Management that could be exploited by an attacker to...

WordPress plugin Border Loading Bar cross-site scripting vulnerability (CNVD-2016-07112)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin Border Loading Bar allows attackers to exploit t...

TYPO3 'mso/idna-convert' Library Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 'mso/idna-convert'. Because the program fails to filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary...

TYPO3 'data:' URL Scheme Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3. Because the program fails to properly filter user-supplied input, an attacker may be able to exploit the vulnerability to execute arbitrary...

WordPress plugin Border Loading Bar cross-site scripting vulnerability (CNVD-2016-07111)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin Border Loading Bar allows attackers to exploit t...

SAP NetWeaver SAPSTARTSRV Remote Buffer Overflow Vulnerability

SAP NetWeaver is an integrated, service-oriented application platform that provides a development and runtime environment for SAP applications. A remote buffer overflow vulnerability exists in SAP NetWeaver SAPSTARTSRV due to the program failing to adequately filter the bounds-check parameter. An...

Novell GroupWise Cross-Site Scripting Vulnerability

Novell GroupWise is a cross-platform collaboration software. A cross-site scripting vulnerability exists in Novell GroupWise 2014 SP1, 2014 R2, and 2014 releases that stems from the program failing to adequately filter user-submitted input. An attacker could be allowed to exploit the vulnerabilit...

ownCloud Desktop Client Local Command Injection Vulnerability

The ownCloud Desktop Client is a desktop client for connecting to OwnCloud servers. The ownCloud Desktop Client local command injection vulnerability allows an attacker to exploit the vulnerability to execute arbitrary script code in the context of an affected application...

Huawei Policy Center Cross-Site Scripting Vulnerability

Huawei Policy Center is a set of policy management center software from Huawei China. The software provides features such as visitor management and personalized customization of the Portal login interface. A cross-site scripting vulnerability exists in Huawei Policy Center versions V100R003C00 an...

IBM WebSphere Portal XSS Vulnerability

IBM WebSphere Portal is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-06713)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...

Simple Chat Cross-Site Scripting Vulnerability

Simple Chat is a PHP and MySQL based Web chat program . A cross-site scripting vulnerability exists in versions of Simple Chat prior to 2016/08/15. An attacker can exploit this vulnerability to execute arbitrary script code...

IBM BigFix Platform Cross-Site Scripting Vulnerability

IBM BigFix formerly known as IBM Endpoint Manager, Tivoli Endpoint Manager is a set of system management software from the American company IBM. The software provides remote control, patch management, software distribution, operating system deployment, network access protection and other function...

Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-06712)

Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...

simple chat vulnerable to cross-site scripting

Overview simple chat provided by Let's PHP! contains a cross-site scripting vulnerability CWE-79. Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...

Apache Ranger HTML Injection Vulnerability

Apache Ranger is the Apache Software Foundation's architecture for implementing comprehensive security measures for Hadoop clusters, providing centralized security policy management for core enterprise security requirements such as authorization, billing, and data protection. Apache Ranger has an...

IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-06551)

IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. A cross-site scripting vulnerability exists in IBM Maximo Asset Management versions 7.6, 7.5, and 7.1, which can be exploited by an attacker to execute arbitrary script code and steal...

Trend Micro WFBS Multiple Vulnerabilities

Trend Micro Worry-Free Business Security is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

"Response request" function in Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu,Inc. is a groupware. "Response request" function in Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated unde...