Drupal Entity API Module Field Label Cross-Site Scripting Vulnerability

Drupal is an open source content management platform. A cross-site scripting vulnerability exists in the Drupal Entity API module field labels due to the program failing to properly filter user-supplied input. An attacker could be allowed to exploit this vulnerability to steal cookie-based...

Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director

Overview A cross-site scripting vulnerability was found in the online help of JP1/IT Desktop Management - Manager and Hitachi IT Operations Director. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information...

Multiple HTML Injection Vulnerabilities in MyBB

MyBB is a popular forum program. MyBB suffers from multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can execute the provided HTML and script code in the context of the affected site...

Multiple Cross-Site Scripting Vulnerabilities in SAP HANA

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. SAP HANA has multiple cross-site scripting vulnerabilities that can be exploited by an attacker to...

Live off the mobile phone client xss comfortably into the background-bug warning-the black bar safety net

Brief description: Live off the mobile phone client sidexsscomfortably, you can log in the background Detailed description: 0x00 keywords code area Live off to find room Android App, user feedback, comfortably, the storage-typexss, the'" 0x02 process User feedback directly inserted into the !...

Saurus CMS Community Edition vulnerable to cross-site scripting

Overview Saurus CMS Community Edition is open source software to manage and build websites. Saurus CMS Community Edition contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT Com Security reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...

Cross-site Scripting Vulnerability in Hitachi Application Server Help

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Multiple Cross-Site Scripting Vulnerabilities in Drupal Taxonomy Tools Module

Drupal is written using the PHP language open source content management framework , which consists of a content management system and PHP development framework together . Multiple cross-site scripting vulnerabilities exist in the Drupal Taxonomy Tools module due to the program failing to properly...

Cisco Prime Security Manager Cross-Site Scripting Vulnerability (CNVD-2015-01125)

Cisco Prime Security Manager is a tool for centralized management of the Cisco ASA 5500-X Series firewalls. A cross-site scripting vulnerability exists in Cisco Prime Security Manager due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability t...

Multiple Cross-Site Scripting Vulnerabilities in Cisco Prime Infrastructure

Cisco Prime Infrastructure is an all-in-one package that provides complete infrastructure wired and wireless and mobile lifecycle management provisioning, monitoring, troubleshooting, fixing, and reporting. Multiple cross-site scripting vulnerabilities exist in Cisco Prime Infrastructure, as the...

Plain Black WebGUI 'style-underground/search' cross-site scripting vulnerability

WebGUI is a CMS Content Management System software that is mainly used to facilitate the publishing and maintenance of website content. A cross-site scripting vulnerability exists in Plain Black WebGUI 'style-underground/search'. This allows remote attackers to execute arbitrary web script or HTM...

SnipSnap 'query' parameter cross-site scripting vulnerability

SnipSnap is a free java written and easy to install webBlog and wiki tools. A cross-site scripting vulnerability exists in the SnipSnap 'query' parameter due to the program failing to properly process user-supplied input. This allows an attacker to steal cookie-based authentication credentials an...

Fortinet FortiOS HTML Injection Vulnerability

Fortinet FortiOS is a set of security operating system developed by the U.S. company Fita Fortinet dedicated to the FortiGate platform, which provides users with firewall, antivirus, IPSec/SSL VPN, Web content filtering, anti-spam and other security features. An HTML injection vulnerability exist...

MantisBT < 1.2.19, 1.3.x < 1.3.0-beta.2 Multiple Vulnerabilities

MantisBT is prone to multiple vulnerabilities. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Cisco Meraki Systems Manager HTML Injection Vulnerability

Cisco Meraki Systems Manager is a cloud-based management solution. An HTML injection vulnerability exists in Cisco Meraki Systems Manager, which could be exploited by an attacker to obtain cookie-based authentication credentials and execute arbitrary script or HTML code in the context of an...

Fortinet FortiAuthenticator Appliance Cross-Site Scripting Vulnerability Vulnerability

Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. The Fortinet FortiAuthenticator Applian...

Fumy News Clipper vulnerable to cross-site scripting

Overview Fumy News Clipper provided by Nishishi Factory contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...

WordPress Plugin Photo Gallery Has Multiple Cross-Site Scripting Vulnerabilities

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress plugin Photo Gallery has multiple cross-site scripting vulnerabilities due to the program failing to properly filte...

WordPress Plugin Blubrry PowerPress Podcast 'admin.php' Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Blubrry PowerPress Podcast 'admin.php' due to the program...

Multiple Cross-Site Scripting Vulnerabilities in Saurus CMS

Saurus CMS is a content management system. Saurus CMS suffers from multiple cross-site scripting vulnerabilities due to the program failing to properly process user-supplied input. This allows attackers to exploit this vulnerability to steal cookie-based authentication credentials, execute...