WL-330NUL vulnerable to cross-site scripting
Overview: WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Microsoft Browser Elevation of Privilege Vulnerability
Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. Elevation of privilege vulnerability in Microsoft Edge, which stems from the program not properly validating privileges under certain conditions. An attacker coul...
jsoup: XSS vulnerability related to incomplete tags at EOF
It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser...
p++BBS vulnerable to cross-site scripting
Overview: p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability (CWE-79). Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be executed on the...
OcProducts OcPortal 'FIELD_NAME' Parameter Cross-Site Scripting Vulnerability
OcProducts ocPortal is an open source PHP and MySQL based Content Management System (CMS) from OcProducts. A cross-site scripting vulnerability exists in OcProducts OcPortal. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2015-07814)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates essential B2B processes, transactions and relationships. A cross-site scripting vulnerability in IBM Sterling B2B Integrator version 5.2 can be exploited by an attacker to steal cookie-based authentication and execute...
Void vulnerable to cross-site scripting
Overview: Void is an open source content management system (CMS). Void contains a cross-site scripting vulnerability (CWE-79). Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA under Information Security Early Warning Partnership. Impact: An arbitrary script may be...
ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting
Overview: ArcSight Management Center and ArcSight Logger from Hewlett-Packard Development Company L.P. contain a stored cross-site scripting vulnerability (CWE-79). Mukai Akihito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Adobe ColdFusion Cross-Site Scripting Vulnerability (CNVD-2015-07734)
Adobe ColdFusion is a dynamic Web server; its CFML is a programming language, similar to the current JSP in the JSTL. A cross-site scripting vulnerability exists in Adobe ColdFusion. The program fails to adequately filter user-supplied input, allowing remote attackers to execute arbitrary scrip...
b374k 3.2.3 2.8 CSRF / Command Injection Vulnerabilities
b374k web shell versions 2.8 and 3.2.3 suffer from a cross site request forgery vulnerability that allows for remote command injection. Vendor: ============================================ github.com/b374k/b374k code.google.com/p/b374k-shell/downloads/list code.google.com/archive/p/b374k-shell/...
TYPO3 News system extension cross-site scripting vulnerability
TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. News system (news) is one of the extension components that provides press release functionality. A cross-site scripting vulnerability exists in TYPO3 News system extension...
KLA10689 Multiple vulnerabilities in Mozilla Firefox and Firefox ESR
Multiple serious vulnerabilities have been found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilitie...
Disabling scripts in Add-on SDK panels has no effect — Mozilla
Add-on authors Jason Hamilton and Peter Arremann with AMO editor Sylvain Giroux reported a vulnerability when a panel is created using the Add-on SDK in a browser extension. Defining a panel with script: false is supposed to disable script execution but it was found that inline script would still...
The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows a hacker to redirect users to a malicious website.
The vulnerability of the microprogramming software of Schneider Electric’s Modicon M340 allows a malicious actor to execute a script within the context of the current user’s security, using a specially created website...
Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2015-06635)
Microsoft SharePoint Server and SharePoint Foundation are both business collaboration platforms from Microsoft Corporation. A cross-site scripting vulnerability exists in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1. A remote attacker can exploit this vulnerability to...
Dojo Toolkit vulnerable to cross-site scripting
Overview: Dojo Toolkit is software to assist in building web applications. Dojo Toolkit contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Splunk cross-site scripting vulnerability (CNVD-2015-06482)
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. A cross-site scripting vulnerability exists in Splunk versions 6.2.6 prior to 6.2.0, which can be exploited by an attacker to execute arbitrary script code, steal cookie-based authentication and...
4images 1.7.11 Cross Site Scripting
============================================= MGC ALERT 2015-001 - Original release date: September 08, 2015 - Last revised: September 24, 2015 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score ============================================= I. VULNERABILITY...
USN-2743-1: Firefox vulnerabilities
Andrew Osmond, Olli Pettay, Andrew Sutherland, Christian Holler, David Major, Andrew McCreight, Cameron McCormack, Bob Clary and Randell Jesup discovered multiple memory safety issues in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially explo...
Kirby CMS 2.1.0 - Cross-Site Request Forgery / Content Upload / PHP Script Execution
============================================= - Release date: 14.09.2015 - Discovered by: Dawid Golunski - Severity: High ============================================= I. VULNERABILITY ------------------------- Kirby CMS = 2.1.0 CSRF Content Upload and PHP Script Execution II. BACKGROUND...