
6727 matches found

CNVD
added 2017/03/16 12:0 a.m., 3 views

Lutim Cross-Site Scripting Vulnerability

Lutim means Let's Upload That Image and can be used to store images. Lutim suffers from a cross-site scripting vulnerability due to the program failing to adequately validate user-supplied input. When an unsuspecting user browses the affected site, an attacker could exploit this vulnerability to...

CVSS 6.1, AI score 6.8, EPSS 0.00981
Exploits: 0, References: 1
CNVD
added 2017/03/16 12:0 a.m., 4 views

HP LoadRunner/Performance Center Heap Buffer Overflow Vulnerability

HP Intelligent Management Center (iMC) is a set of network intelligent management center solutions from Hewlett-Packard (HP). A remote heap buffer overflow vulnerability exists in HP LoadRunner/Performance Center, which originates from a failure to perform sufficient boundary checks before copying us...

CVSS 9.8, AI score 7.9, EPSS 0.17864
Exploits: 0, References: 1
CNVD
added 2017/03/16 12:0 a.m., 1 views

Mozilla Firefox MFSA has multiple vulnerabilities (CNVD-2017-04172)

Mozilla Firefox is an open source web browser. Multiple vulnerabilities exist in Mozilla Firefox. An attacker could use this vulnerability to bypass security restrictions to perform unauthorized operations, obtain sensitive information, execute arbitrary script code in the affected application's...

CVSS 9.8, AI score 9, EPSS 0.01893
Exploits: 1, References: 1
CVE
added 2017/03/15 12:0 a.m., 40 views

CVE-2017-6906

SiberianCMS before 4.10.0 is vulnerable due to insufficient filtration of user-supplied data (log) passed to SiberianCMS-master/errors/500.php, allowing an attacker to execute arbitrary HTML/JavaScript in the context of the vulnerable website. This risk is documented with CVSS metrics (MEDIUM). N...

CVSS 6.1, AI score 6.3, EPSS 0.00747
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2017/03/13 12:0 a.m., 3 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03615)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

CVSS 5.4, AI score 6.9, EPSS 0.03016
Exploits: 1, References: 1
CNVD
added 2017/03/13 12:0 a.m., 2 views

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03618)

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...

CVSS 5.4, AI score 6.9, EPSS 0.02094
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2017/03/08 12:57 a.m., 4 views

OneThird CMS vulnerable to cross-site scripting

Overview: OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form. Note that this vulnerability is different from JVN49408248. Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication...

CVSS 6.1, AI score 6.1, EPSS 0.01146
Exploits: 0, References: 5
CNVD
added 2017/03/07 12:0 a.m., 2 views

Multiple Unspecified Cross-Site Scripting Vulnerabilities in TYPO3 CMS

TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. TYPO3 CMS suffers from multiple unspecified cross-site scripting vulnerabilities that stem from the program failing to properly validate user-supplied input. This vulnerability can be exploited to...

AI score 7
Exploits: 0, References: 1
CNVD
added 2017/03/03 12:0 a.m., 19 views

WordPress AnyVar Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language. The REST API can transfer data in JSON format to access or control the content of the WordPress site. A cross-site scripting vulnerability exists in the WordPress AnyVar plugin. An attacker can use the vulnerability to execute arbitra...

CVSS 6.1, AI score 6.6, EPSS 0.0091
Exploits: 0, References: 1
Openbugbounty
added 2017/03/02 4:44 p.m., 13 views

melbourne.com XSS vulnerability

Vulnerable URL:...

AI score 6.3
Exploits: 0
Prion
added 2017/03/02 6:59 a.m., 11 views

Design/Logic Flaw

An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...

CVSS 4.3, AI score 6.4, EPSS 0.00624
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2017/03/02 6:59 a.m., 5 views

CVE-2017-6397

An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several -sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

CVSS 6.1, AI score 6, EPSS 0.00838
Exploits: 1, References: 2
CNVD
added 2017/03/02 12:0 a.m., 4 views

WPO-Foundation WebPageTest Cross-Site Scripting Vulnerability

WebPagetest is a Web application that takes a URL and a set of configuration parameters as input and runs a performance test on that URL. A cross-site scripting vulnerability exists in WPO-Foundation WebPageTest, which occurs due to a failure to properly validate user-submitted data. The...

CVSS 6.1, AI score 6.3, EPSS 0.00824
Exploits: 0, References: 1
CNVD
added 2017/03/02 12:0 a.m., 2 views

FlightAirMap Multiple Cross-Site Scripting Vulnerabilities

FlightAirMap is an open source project that displays flights in real time on a 2D or 3D map. FlightAirMap suffers from multiple cross-site scripting vulnerabilities. The vulnerabilities arise due to a failure to properly validate user-submitted data. An attacker could use the vulnerabilities to...

CVSS 6.1, AI score 7, EPSS 0.00838
Exploits: 1, References: 1
Positive Technologies
added 2017/03/02 12:0 a.m., 7 views

PT-2017-17037

Name of the Vulnerable Software and Affected Versions: WPO-Foundation WebPageTest version 3.0. Description: An issue exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. This allows an attacker to execute arbitrary HTML and script cod...

CVSS 6.1, AI score 6.8, EPSS 0.00824
Exploits: 0, References: 6
Japan Vulnerability Notes
added 2017/02/28 12:0 a.m., 53 views

JVN#73083905: Multiple vulnerabilities in WBCE CMS

WBCE CMS provided by WBCE Team is an open-source Contents Management System CMS. WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

CVSS 8.6, AI score 7.1, EPSS 0.0351
Exploits: 0
CNVD
added 2017/02/24 12:0 a.m., 3 views

TCPDF Local File Inclusion Vulnerability

TCPDF is an open source PHP class for generating PDF documents. A local file inclusion vulnerability exists in versions of TCPDF prior to 6.2.0, which stems from the program failing to adequately filter user-submitted input. An attacker could exploit this vulnerability to obtain sensitive...

CVSS 7.5, AI score 7, EPSS 0.0146
Exploits: 0, References: 1
CNVD
added 2017/02/24 12:0 a.m., 4 views

Palo Alto Networks PAN-OS HTML Injection Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from an HTML injection vulnerability that stems from a failure to adequately validate user input. An attacker could use this vulnerability to execu...

CVSS 5.4, AI score 8, EPSS 0.00836
Exploits: 0, References: 1
CNVD
added 2017/02/17 12:0 a.m., 0 views

Multiple Cross-Site Scripting Vulnerabilities in PhreeBooksERP

PhreeBooksERP is an open source ERP system for accounting use. PhreeBooksERP suffers from multiple cross-site scripting vulnerabilities due to failure to adequately validate user input. An attacker could exploit this vulnerability to execute arbitrary script code on a user's browser on an affecte...

CVSS 6.1, AI score 7.1, EPSS 0.01016
Exploits: 1, References: 1
CNVD
added 2017/02/17 12:0 a.m., 3 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-01995)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, as the program fails to adequately validate user input. An attacker could exploit this...

CVSS 5.4, AI score 6.6, EPSS 0.00615
Exploits: 0, References: 1