6700 matches found
Jenkins vulnerable to cross-site scripting
Overview Jenkins contains a cross-site scripting vulnerability. Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN79950061. Minoru Sakai of SCSK Corporation reported this vulnerability to IPA...
SquirrelMail plugin Autocomplete vulnerable to cross-site scripting
Overview The SquirrelMail plugin Autocomplete contains a cross-site scripting vulnerability. The Autocomplete plugin in SquirrelMail searches for registered email addresses in user contacts as the user types into specific fields. The Autocomplete plugin contains a cross-site scripting...
JEECMS back-end arbitrary file editing vulnerability and getting a shell - vulnerability warning - the black bar safety net
JEECMS is developed on Java technology and inherits its many advantages: strong, stable, secure, efficient, cross-platform, and others. It uses the mainstream SpringMVC3+Spring3+Hibernate3+Freemarker technical architecture. Its security is very strict; when the site after the installatio...
Bitweaver 'rankings.php' Local File Include Vulnerability
Bitweaver is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.0 through version 6.0.2. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuk...
Vulnerability in DotNetNuke Could Allow Arbitrary Script Execution
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DotNetNuke 6.0.2 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, DotNetNuke. DotNetNuke...
MODX Evolution 1.0.5 (and prior) Remote Script Execution Vulnerability
Product: MODX Evolution Risk: Very High Severity: Critical Versions: 1.0.5 and all previous releases Vulnerability type: Remote Script Execution Report Date: 2012-Feb-16 Fixed Date: 2012-Feb-20 Description A vigilant community member sent us a security notice to let us know that he found a securit...
cforms II vulnerable to cross-site scripting
Overview cforms II contains a cross-site scripting vulnerability. cforms II provided by delicious days is a plugin for WordPress. cforms II contains a cross-site scripting vulnerability. Kousuke Ebihara and Yuya Watanabe of Tejimaya.inc reported this vulnerability to IPA. JPCERT/CC coordinated wi...
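Multiple security vulnerabilities in MyBB versions prior to 1.6.6
BUGTRAQ ID: 51962 MyBB is a popular web forum application. MyBB contains multiple security vulnerabilities in its implementation; attackers can exploit these vulnerabilities to execute script code, steal cookie-based authentication credentials, disclose or modify sensitive information, or perform unauthorized actions. 0 MyBB 1.x Vendor patch: MyBB ---- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.mybboard.com/...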
Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_ports.php?base_path' Remote File Inclusion
source: https://www.securityfocus.com/bid/51979/info BASE is prone to a security-bypass vulnerability and multiple remote file-include vulnerabilities. An attacker can exploit these issues to gain unauthorized access, obtain potentially sensitive information, or execute arbitrary script code in t...
vBadvanced CMPS 3.2.2 - vba_cmps_include_bottom.php Remote File Inclusion
vBadvanced CMPS 3.2.2 - vba_cmps_include_bottom.php Remote File Inclusion source: https://www.securityfocus.com/bid/51672/info vBadvanced CMPS is prone to a remote file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow a...
glucose 2 vulnerable to arbitrary script execution
Overview glucose 2 is vulnerable to arbitrary script execution. glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
JVN#65869891: glucose 2 vulnerable to arbitrary script execution
glucose 2 is an RSS reader. glucose 2 is vulnerable to arbitrary script execution which is inserted in RSS feed, due to the improper processing of RSS feed output. Impact An arbitrary script may be executed on the vulnerable system. Solution Update the software Update to the latest version...
Joomla! Component com_bulkenquery - Controller Local File Inclusion
Joomla! Component com_bulkenquery - Controller Local File Inclusion source: https://www.securityfocus.com/bid/51622/info The 'com_bulkenquery' component for Joomla! is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this...
osCommerce Japanese version vulnerable to cross-site scripting
Overview osCommerce Japanese version contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce Japanese version contains a cross-site scripting vulnerability. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this...
osCommerce vulnerable to cross-site scripting
Overview osCommerce contains a cross-site scripting vulnerability. osCommerce is an open source system for creating shopping websites. osCommerce contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...
Oracle WebLogic Server vulnerable to cross-site scripting
Overview Oracle WebLogic Server contains a cross-site scripting vulnerability. Oracle WebLogic Server contains a cross-site scripting vulnerability on the management console. Minetoshi Takizawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
VertrigoServ 'ext' Parameter Cross Site Scripting Vulnerability
This host is running VertrigoServ and is prone to a cross-site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbvertrigoservextparamxssvuln.nasl 5792 2017-03-30 13:18:14Z cfi $ VertrigoServ 'ext' Parameter Cross Site Scripting Vulnerability Authors: Madhuri D Copyright: Copyright (c) 2012...
PukiWiki Plus! vulnerable to cross-site scripting
Overview PukiWiki Plus! contains a cross-site scripting vulnerability. PukiWiki Plus! is software that adds wiki functionality to websites. PukiWiki Plus! contains a vulnerability in handling web form entries, which may result in cross-site scripting. Koki Nakayasu of Keiji Takeda Lab, Keio...
Apache Struts vulnerable to cross-site scripting
Overview Apache Struts may create web applications that contain a cross-site scripting vulnerability. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts may create web applications that contain a cross-site scripting...