Exponent CMS 'index.php' Cross-Site Scripting Vulnerability

Exponent CMS is open source content management system. A cross-site scripting vulnerability exists in Exponent CMS 'index.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary script code in an unsuspecting user's...

McAfee Data Loss Prevention Endpoint HTML Injection Vulnerability

McAfee Network Data Loss Prevention monitors network traffic and protects against data loss. An HTML injection vulnerability exists in McAfee Data Loss Prevention Endpoint, which could allow an attacker to execute arbitrary HTML and script code in the context of a user's browser at an affected si...

Multiple Cross-Site Scripting Vulnerabilities in Drupal Video Module

Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Video module because it fails to properly filter user-supplied input. An attacker could potentially exploit these vulnerabilities to execute arbitrary...

Multiple Cross-Site Scripting Vulnerabilities in Drupal Room Reservations Module

Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Room Reservations module because it fails to properly filter user-supplied input. An attacker could use these vulnerabilities to execute arbitrary script...

Fork CMS 'loadForm()' Function Cross-Site Scripting Vulnerability

Fork CMS is a CMS system developed in PHP. A cross-site scripting vulnerability exists in the Fork CMS 'loadForm' function due to the program failing to properly filter user-supplied input. An attacker could use this vulnerability to execute arbitrary script code or steal cookie-based...

Multiple Cross-Site Scripting Vulnerabilities in Ansible Tower

Ansible is simple configuration management, deployment, task execution, and multi-node authoring framework. Ansible Tower has multiple cross-site scripting vulnerabilities because it fails to properly filter user-supplied input. An attacker could potentially exploit these vulnerabilities to execu...

Multiple HTML Injection Vulnerabilities in BEdita CMS 'index.php'

BEdita is a web development framework that provides a full-featured content management system. Multiple HTML injection vulnerabilities exist in BEdita CMS 'index.php' because it fails to properly filter user-supplied input. An attacker can execute the provided HTML and script code in the context ...

e107 '/e107_admin/filemanager.php' cross-site scripting vulnerability

E107 is an open source, free and based on PHP and MySQL content management system CMS of the United States E107 company. The system supports a variety of plug-in programs and appearance of the theme , can be used as a personal blog , discussion community , archive repository and so on. A cross-si...

Drupal Field Display Label Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Field Display Label module because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...

Multiple Cross-Site Scripting Vulnerabilities in Zurmo CRM

Zurmo CRM is the United States Zurmo company's set of open source PHP-based customer relationship management system CRM. Multiple cross-site scripting vulnerabilities exist in Zurmo CRM because it fails to properly filter user-supplied input. An attacker could potentially exploit these...

Kajona 'admin.php' Cross-Site Scripting Vulnerability

Kajona is a set of Kajona team based on PHP and MySql open source content management framework. A cross-site scripting vulnerability exists in Kajona 'admin.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...

Multiple HTML Injection Vulnerabilities in AdaptCMS

AdaptCMS is a content management system. AdaptCMS has multiple HTML injection vulnerabilities because it fails to properly filter user-supplied input. An attacker can execute supplied HTML and script code in the context of the affected site...

FlexPaper 'FlexPaperViewer.swf' 'Content Spoofing Vulnerability

FlexPaper is an open source lightweight in the browser to display a variety of documents on the component . A content spoofing vulnerability exists in FlexPaper 'FlexPaperViewer.swf' due to the program failing to properly filter user-supplied input. An attacker can exploit this vulnerability to...

FlexPaper 'FlexPaperViewer.swf' Cross-Site Scripting Vulnerability

FlexPaper is an open source lightweight in the browser to display a variety of documents on the component . A cross-site scripting vulnerability exists in FlexPaper 'FlexPaperViewer.swf' due to the program failing to properly filter user-supplied input. An attacker can exploit this vulnerability ...

Serendipity HTML Injection Vulnerability

Serendipity is a PHP-powered Weblog application. Serendipity suffers from an HTML injection vulnerability because it fails to filter user-supplied input. Allowing an attacker to run supplied HTML or JavaScript code in the context of the affected site...

Osclass 'ajax.php' local file inclusion vulnerability

OSClass is a PHP MySQL based development , used to create and manage classified ads website open source system . A local file inclusion vulnerability exists in Osclass 'ajax.php' because it fails to adequately filter user-supplied input. An attacker can exploit this vulnerability to obtain...

WordPress plugin Frontend Uploader 'errors' parameter cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Frontend Uploader 'errors' parameter of the WordPress plugin because it...

WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting CWE-79. Note that this vulnerability is...

WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting CWE-79. Note that this vulnerability i...

LinPHA vulnerable to cross-site scripting

Overview LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...