Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...

GHSA-WPWW-4JF4-4HX8 Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...

Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

Cisco Adaptive Security Appliance Cross-Site Scripting Vulnerability (CNVD-2021-44674)

Cisco Adaptive Security Appliance is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides highly secure access to data and network resources and other features. A cross-site scripting vulnerability exists in the Cisco Adaptive Security...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-63196)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

GHSA-FW5Q-J9P4-3VXG Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...

Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0

baserCMS 4.4.0 and earlier is affected by Remote Code Execution RCE. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit template. Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches :...

CVE-2020-6876

A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...

WordPress Plugin Colorbox Lightbox Cross-Site Scripting Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the WordPress plugin Colorbox Lightbox. An...

Cisco Firepower Management Center (FMC) Cross-Site Scripting Vulnerability

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. A security vulnerability exists in Cisco Firepower Management Center FMC that stems from the web-based management interface failing to adequately validate user-supplied input. An attacker...

Cisco Firepower Management Center (FMC) Cross-Site Scripting Vulnerability

Cisco Firepower Management Center FMC is a new generation of firewall management center software from Cisco. Cisco Firepower Management Center FMC suffers from a cross-site scripting vulnerability that arises from the web-based management interface not adequately validating user-supplied input. A...

Multiple vulnerabilities in WordPress Plugin "Simple Download Monitor"

Overview WordPress Plugin "Simple Download Monitor" provided by Tips and Tricks HQ contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5650 SQL Injection CWE-89 - CVE-2020-5651 Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to the...

Vulnerability fixed in JIRA

Atlassian has fixed a vulnerability in JIRA. A malicious party could exploit the vulnerability to perform a Cross-Site Scripting XSS attack. Such an attack can lead to the execution of arbitrary script code in the browser with which the application is visited. Atlassian has released updates to fi...

CVE-2020-3589 Cisco Identity Services Engine Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the...

Vulnerability fixed in IBM Security Access Manager

IBM has fixed a vulnerability in IBM Security Access Manager. A malicious party could exploit the vulnerability to execute a Cross-Site Scripting XSS attack. Such an attack can result in the execution of arbitrary script code in the browser used to visit the application. IBM has released updates ...

Cisco IOS XE Software Command Injection Vulnerability (cisco-sa-iosxe-cmdinj-2MzhjM6K)

According to its self-reported version, Cisco IOS XE Software is affected by a command injection vulnerability. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a...

bootstrap: XSS in the affix configuration target property

A flaw was found in Bootstrap, where it is vulnerable to Cross-site scripting caused by improper validation of user-supplied input by the affix configuration target property. This flaw allows a remote attacker to execute a script in a victim's Web browser within the security context of the hostin...

CVE-2020-24594

Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session...