6727 matches found
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2017-34194)
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise are both products of IBM Corporation of the U.S.A. IBM Cloud Orchestrator is a suite of solutions that provides cloud management for IT services and accelerates the delivery of software and infrastructure. IBM Cloud IBM Cloud Orchestrato...
Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-36080)
Fortinet FortiOS is a security operating system developed by the U.S. company Fortinet for the FortiGate network security platform. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. A cross-site...
UBUNTU-CVE-2012-4377
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image...
SAP Customer Relationship Management Java administration console cross-site scripting vulnerability
SAP Customer Relationship Management (CRM) is a set of customer relationship management solutions from SAP. The program includes sales management, marketing management, customer service systems and other modules. The Java administration console is one of its administration consoles. A cross-sit...
TeamPass Cross-Site Scripting Vulnerability (CNVD-2017-30335)
TeamPass is a dedicated password manager for Apache, MySQL and PHP. A cross-site scripting vulnerability exists in versions prior to TeamPass 2.1.27.9 that stems from the program failing to adequately filter data. A remote attacker can exploit this vulnerability to execute arbitrary HTML or scrip...
HP ArcSight Enterprise Security Manager Cross-Site Scripting Vulnerability (CNVD-2017-30915)
HP ArcSight Enterprise Security Manager (ESM) and ESM Express are both enterprise security management software with event correlation and security analysis capabilities from Hewlett Packard Enterprise (HPE). The software collects, correlates and reports on enterprise-wide security events in real time...
Mail.ru: Stored XSS using SVG on subdomain infra.mail.ru
It was possible to execute a script in the context of https://infra.mail.ru:8080/ by publishing a static script-containing file such as SVG or XML in the "Infra" service. This context doesn't use cookies for authentication, but XSS could allow phishing / content spoofing. This problem was addressed b...
CVE-2017-12257
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...
Microsoft Word 2007 (x86) - Information Disclosure Exploit
Exploit for Windows platform in category local exploits. Title: MS Office Word Information Disclosure Vulnerability. Date: September 30th, 2017. Author: Eduardo Braun Prado. Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on:...
Drupal 'Commerce Invoices' Module SQL Injection and Cross Site Scripting Vulnerabilities
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Ctools (Chaos tool suite) is one of the API modules used to improve the development experience. SQL injection and cross-site scripting vulnerabilities exist in the Drupal 'Commerce...
Cisco Unified Intelligence Center Cross-Site Scripting Vulnerability (CNVD-2017-34246)
Cisco Unified Intelligence Center is the management center for the unified communications system of the American company Cisco. A cross-site scripting vulnerability exists in Cisco Unified Intelligence Center due to the program failing to properly filter user-supplied input. An attacker may...
CVE-2017-12248
A vulnerability in the web framework code of Cisco Unified Intelligence Center Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation...
CVE-2017-3165
In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping of server-side content. There is known to ...
Kohana Security Component Cross-Site Scripting Vulnerability
Kohana is an MVC-based PHP5 framework developed by the Kohana team. The Security component is one of its security components. A cross-site scripting vulnerability exists in the Security component of Kohana versions prior to 3.3.6. A remote attacker can inject arbitrar...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-32475)
Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center due to the program failing to properly filter user-supplied input. An attacker could...
Stored Cross-site Scripting Vulnerability in yiifcms v1.5
yiifcms is a content management system (CMS) developed on the yii framework. A stored cross-site scripting vulnerability exists in yiifcms v1.5, due to the system failing to strictly filter nickname and personality signature input. Attackers can use this vulnerability to obtain cookie information, ...
CVE-2017-6776
A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...
HPE Project and Portfolio Management Center Cross-Site Scripting Vulnerability
HPE Project and Portfolio Management Center (PPM) is a suite of solutions from Hewlett Packard Enterprise (HPE) that gives project executives the visibility and strategic operational information they need to make decisions, based on real-time visibility into the project lifecycle of the project portfolio. A...
Cisco Industrial Network Director Cross-Site Scripting Vulnerability
Cisco Industrial Network Director is an industrial automation management system from Cisco. The system automates the management of industrial Ethernet infrastructure by visualizing its operation. A cross-site scripting vulnerability exists in the web interface of Cisco Industrial Network Director...
Multiple cross-site scripting vulnerabilities in ScreenOS
Overview: ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...