6727 matches found

Japan Vulnerability Notes
added 2017/01/06 5:2 a.m. | 1 view

Olive Diary DX vulnerable to cross-site scripting

Overview: Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter. Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use Olive Diary DX. Olive Diary DX is no longer being develop...

CVSS 6.1 | AI score 6.1 | EPSS 0.00886
Exploits: 0 | References: 5
CNVD
added 2017/01/06 12:0 a.m. | 3 views

Atlassian Confluence HTML Injection Vulnerability

Atlassian Confluence is a professional enterprise knowledge management and collaboration software that can also be used to build an enterprise wiki. An HTML injection vulnerability exists in Atlassian Confluence. An attacker can exploit the vulnerability to execute arbitrary script code in the brows...

CVSS 6.1 | AI score 7.8 | EPSS 0.03826
Exploits: 3 | References: 1
CNVD
added 2016/12/29 12:0 a.m. | 3 views

BitTorrent API Cross-Site Scripting Vulnerability

BitTorrent is a set of peer-to-peer file uploading and downloading software based on the BitTorrent protocol from the American company BitTorrent. A cross-site scripting vulnerability exists in BitTorrent. An attacker can exploit this vulnerability to execute arbitrary script code in the browser ...

AI score 6.6
Exploits: 0 | References: 1
CNVD
added 2016/12/20 12:0 a.m. | 1 view

SAP HANA Cockpit Cross-Site Scripting Vulnerability

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions; users can directly query and analyze a large amount of real-time business data. A cross-site scripting vulnerability exists in SAP HANA. As the program fails to properly filter...

AI score 6.7
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2016/12/19 3:22 a.m. | 2 views

Cybozu Garoon vulnerable to cross-site scripting

Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability (CWE-79) due to an issue in the "Messages" function of Cybozu Garoon Keitai. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN...

CVSS 6.1 | AI score 6.1 | EPSS 0.01195
Exploits: 0 | References: 5
CNVD
added 2016/12/16 12:0 a.m. | 0 views

Cisco AsyncOS Software for Email Security Appliances Cross-Site Scripting Vulnerability

Cisco AsyncOS Software for Email Security Appliances (ESA) is a set of operating systems used in Email Security Appliances (ESA) from Cisco USA. A cross-site scripting vulnerability exists in Cisco AsyncOS Software for ESA that stems from a failure to adequately filter user-submitted input. An attack...

CVSS 6.1 | AI score 6.6 | EPSS 0.0128
Exploits: 0 | References: 1
OSV
added 2016/12/15 6:59 a.m. | 3 views

CVE-2016-6850

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser...

CVSS 6.1 | AI score 5.8 | EPSS 0.00713
Exploits: 0 | References: 2
OSV
added 2016/12/15 6:59 a.m. | 1 view

CVE-2016-6847

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as mp3 album covers. In case their XML structure contains script code, that code may get executed when calling the related cover URL. Malicious script code can be executed within a user's context. This c...

CVSS 6.1 | AI score 5.8 | EPSS 0.00713
Exploits: 0 | References: 2
OSV
added 2016/12/15 6:59 a.m. | 5 views

CVE-2016-5124

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external sources to HTML editors by drag&drop can potentially lead to script code execution in the context of the active user. To exploit this, a user needs to be tricked to use an image from a specially...

CVSS 6.1 | AI score 6.1 | EPSS 0.01341
Exploits: 1 | References: 4
OSV
added 2016/12/15 6:59 a.m. | 3 views

CVE-2016-4045

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed...

CVSS 6.1 | AI score 5.8 | EPSS 0.00713
Exploits: 1 | References: 2
OSV
added 2016/12/15 6:59 a.m. | 5 views

CVE-2016-4026

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can...

CVSS 6.1 | AI score 5.8 | EPSS 0.00713
Exploits: 1 | References: 2
Prion
added 2016/12/15 6:59 a.m. | 17 views

Design/Logic Flaw

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...

CVSS 4.3 | AI score 7.2 | EPSS 0.00713
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2016/12/15 6:31 a.m. | 26 views

CVE-2016-4045

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Script code can be embedded to RSS feeds using a URL notation. In case a user clicks the corresponding link at the RSS reader of App Suite, code gets executed at the context of the user. Malicious script code can be executed...

AI score 6.2 | EPSS 0.00713
Exploits: 1 | References: 2
CNVD
added 2016/12/14 12:0 a.m. | 3 views

IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2016-12641)

IBM Jazz Reporting Service is a solution for integrating data. An unspecified cross-site scripting attack vulnerability exists in IBM Jazz Reporting Service that stems from a failure to properly validate user input. An attacker could use this vulnerability to execute arbitrary scripts in an...

CVSS 5.4 | AI score 6.7 | EPSS 0.00538
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2016/12/13 5:0 a.m. | 1 view

Apache ActiveMQ vulnerable to cross-site scripting

Overview: Apache ActiveMQ provided by the Apache Software Foundation is a middleware that implements Java Message Service. Apache ActiveMQ contains a stored cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

CVSS 6.1 | AI score 5.9 | EPSS 0.06093
Exploits: 0 | References: 7
CNVD
added 2016/12/12 12:0 a.m. | 2 views

Unspecified Security Bypass Vulnerability in Drupal JavaScript Callback Handler

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. JavaScript Callback Handler is an efficient Ajax callback module. An unspecified security bypass vulnerability exists in the Drupal JavaScript Callback Handler module. A...

AI score 7.6
Exploits: 0 | References: 1
Prion
added 2016/12/11 2:59 a.m. | 18 views

Path traversal

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

CVSS 5 | AI score 7 | EPSS 0.02157
Exploits: 0 | References: 3 | Affected Software: 1
RedHat Linux
added 2016/12/08 4:16 p.m. | 4 views

jquery-ui: cross-site scripting in dialog closeText

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

CVSS 6.1 | AI score 6.2 | EPSS 0.2258
Exploits: 1 | References: 5
Japan Vulnerability Notes
added 2016/12/02 5:43 a.m. | 2 views

WNC01WH vulnerable to stored cross-site scripting

Overview: WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVSS 4.3 | AI score 6 | EPSS 0.0048
Exploits: 0 | References: 5
CNVD
added 2016/12/01 12:0 a.m. | 1 view

Reflective Cross-Site Scripting Vulnerability in Huawei eSpace IAD Products

Huawei eSpace IAD is an integrated access device for Voice over IP and Unified Communications solutions from Huawei, China. A reflective cross-site scripting vulnerability exists in the Huawei eSpace IAD product. An attacker can exploit the vulnerability to run a malicious script in a user's...

CVSS 6.1 | AI score 6.1 | EPSS 0.00611
Exploits: 0 | References: 1