Fastspot BigTree bigtree-form-builder input validation vulnerability

Fastspot BigTree is the United States Fastspot company based on PHP and MySQL open source content management system CMS. bigtree-form-builder is one of the administrators used to build and collect the front-end user input information form . Fastspot BigTree bigtree-form-builder A security...

WordPress WP Mail plugin cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language. wpmail is the function used to send mail. A cross-site scripting vulnerability exists in the WordPress WP Mail plugin due to the program failing to adequately validate user input. An...

TYPO3 Arbitrary Code Execution Vulnerability (CNVD-2017-01648)

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the TYPO3 Association in Switzerland. contextswurfl is one of the extensions for detecting mobile devices and adjusting TYPO3 output. A security vulnerability exists in versions of the TYPO3 contextswurfl...

Multiple cross-site scripting vulnerabilities in Webmin

Overview Webmin contains multiple cross-site scripting vulnerabilities CWE-79 due to issues in outputting error messages into a HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

CVE-2016-0305

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

IBM InfoSphere BigInsights Cross-Site Scripting Vulnerability (CNVD-2017-01312)

IBM InfoSphere BigInsights is a set of software platforms for storing and analyzing Big Data from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A cross-site scripting vulnerability exists in IBM Infosphere...

Drupal Better Exposed Filters Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Better Exposed Filters module. An attacker can exploit this issue to execute arbitrary script code in an...

Cross-Site Scripting Vulnerability in Multiple TIBCO Products

TIBCO Spotfire Automation Services are products of TIBCO Software, Inc. Spotfire Automation Services is a suite of tools for running automated analyses; Spotfire Professional is a comprehensive analytics platform for all aspects of business analysts and users. Spotfire Professional is a...

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls...

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

Cross site scripting

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

CVE-2016-2924

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

CVE-2016-0265

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...

CVE-2016-0265

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging on an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to wait for a certain amount of time for an OnJsPrompt handler return value as an alternative to correct...

BINOM3 Electric Power Quality Meter (Update A)

CVSS v3 10 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: BINOM3 Equipment: Electric Power Quality Meter Vulnerabilities: Cross-site scripting, access control issues, cross-site request forgery CSRF, sensitive information stored in clear-text, and weak credentials management...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01082)

Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to validate user input. An attacker could use this vulnerability to execute arbitrary...

Cisco NetFlow Generation Appliance Cross-Site Scripting Vulnerability

The Cisco NetFlow Generation Appliance is a scalable cost-effective solution for traffic visibility in today's high-performance data centers. A cross-site scripting vulnerability exists in the Cisco NetFlow Generation Appliance that stems from a failure to properly validate user input. An attacke...

b2evolution cross-site scripting vulnerability (CNVD-2017-01089)

b2evolution is a PHP and MySQL based blogging software developed by software developer Francois Planque. A cross-site scripting vulnerability exists in b2evolution due to a failure of the program to properly validate user input. An attacker could use this vulnerability to execute arbitrary script...

HP Diagnostics Cross-Site Scripting Vulnerability

HP Diagnostics is a suite of end-to-end application management, monitoring, diagnostic analysis and troubleshooting solutions from Hewlett-Packard. A cross-site scripting vulnerability exists in HP Diagnostics. An attacker can exploit this vulnerability to execute arbitrary script code in a user'...