CVE-2016-9486

CVE-2016-9486 affects ForeScout CounterACT's Windows SecureConnector agent. The agent downloads and runs scripts/executables from the current user’s TEMP directory while executing a SYSTEM-level batch file, creating insecure permissions and enabling privilege escalation for a local unprivileged u...

Code injection

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the...

CVE-2018-8024

In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the...

CVE-2018-8024

Apache Spark UI cross-site scripting (CVE-2018-8024) affects Spark UI before 2.3.2, including 2.1.0–2.1.2, 2.2.0–2.2.1, and 2.3.0. A malicious user can craft a URL to the Spark UI’s /jobs/ endpoint; if a user visits the URL, JavaScript can execute in the victim’s browser within the Spark UI conte...

Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability

Microsoft Active Directory Federation Services ADFS is an Active Directory Federation Service from Microsoft. The service provides Web Single Sign-On SSO technology, which enables authentication of a user to multiple websites or applications during a single session. A cross-site scripting...

Cisco Web Security Appliance Cross-Site Scripting Vulnerability (CNVD-2018-13760)

Cisco Web Security Appliance WSA is a set of Web security appliances from Cisco USA. The appliance provides SaaS-based access control, real-time network reporting and tracking, and the development of security policies. A cross-site scripting vulnerability exists in the web-based management...

JVN#63895206: Multiple vulnerabilities in Calsos CSDX and CSDJ series products

Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...

Mailman vulnerable to cross-site scripting

Overview Mailman provided by GNU Mailman contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2018-12400)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox versions prior to 59, where the program fails to properly validate user-submitted input. The vulnerability can be exploited by a...

CA Privileged Access Manager Cross-Site Scripting Vulnerability

CA Privileged Access Manager is a privileged access manager from CA USA that centralizes privileged user policies across multiple physical and virtual environments and manages and controls access used to IT resources. A cross-site scripting vulnerability exists in version 2.x of CA Privileged...

CVE-2018-9027

A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link...

VOOKI - Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...

Security Bulletin: Multiple vulnerabilities in IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities exist in IBM SPSS Collaboration and Deployment Services. See the individual descriptions for details. Vulnerability Details VULNERABILITY DETAILS: CVEID: CVE-2013-4044 DESCRIPTION: An authenticated remote attacker can send a HTTP request to retrieve the content of...

Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2016-0283)

Summary There is a cross-site scripting vulnerability in WebSphere Application Server Liberty when using the OpenID Connect OIDC client. Vulnerability Details CVEID: CVE-2016-0283 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting in the OIDC client web applicatio...

Security Bulletin: IBM WebSphere Lombardi Edition and IBM Business Process Manager (BPM) cross-site scripting vulnerability in error situations (CVE-2014-0957)

Summary When you invoke a service using a URL, user input can be returned in unhandled service failure situations. Vulnerability Details CVE ID: CVE-2014-0957 DESCRIPTION: IBM WebSphere Lombardi Edition and IBM Business Process Manager are vulnerable to cross-site scripting that is caused by the...

Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting

Overview Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the...

Chrome Extension "5000 trillion yen converter" Cross-Site Scripting Vulnerability

Google Chrome is an iOS-based web browser developed by Google USA. A cross-site scripting vulnerability exists in Chrome Extension "5000 trillion yen converter", which can be exploited by an attacker to execute arbitrary scripts on a user's web browser...

Cross site scripting

The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the...

CVE-2018-11690

The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the...

CVE-2018-11688

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...