Lucene search
+L

678 matches found

Prion
Prion
added 2017/10/26 5:29 p.m.15 views

Design/Logic Flaw

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

3.5CVSS5.6AI score0.00728EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/10/26 5:0 p.m.25 views

CVE-2017-15911

The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka XSS. Session ID and data theft may follow as well as the possibility of bypassing CSRF protection...

5.6AI score0.00728EPSS
Exploits0References2
CNVD
CNVD
added 2017/09/04 12:0 a.m.5 views

IceWarp Server webmail component cross-site scripting vulnerability

IceWarp Server is a mail server product from IceWarp USA. The product supports email archiving, SmartAttach attachments, automatic migration, etc. webmail component is one of the mailbox components. A cross-site scripting vulnerability exists in the 'language' parameter of the webmail component i...

6.1CVSS5.9AI score0.0201EPSS
Exploits0References1
CNVD
CNVD
added 2017/03/30 12:0 a.m.4 views

Revive Adserver Cross-Site Scripting Vulnerability (CNVD-2017-04607)

Revive Adserver is an open source advertising management system from the Revive Adserver team. The system provides ad placement, ad space management, data statistics and other functions. A cross-site scripting vulnerability exists in the affiliate-preview.php file in www/admin in versions prior t...

5.4CVSS6.2AI score0.01604EPSS
Exploits0References1
OSV
OSV
added 2017/03/09 9:59 a.m.7 views

CVE-2017-6549

Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before...

8.8CVSS5.8AI score0.07552EPSS
Exploits6References4
CNVD
CNVD
added 2016/05/14 12:0 a.m.3 views

Investors Application Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability exists in Shareholder Investor Relations. A remote attacker can manipulate client requests to obtain a user's session...

6.3AI score
Exploits0References1
Packet Storm
Packet Storm
added 2016/03/31 12:0 a.m.64 views

TrendMicro SSO Redirect / Session Theft

Document Title: =============== Trend Micro SSO - Backend SSO Redirect & Session Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1694 Trand Micro ID: 1-1-1035080936 Release Date: ============= 2016-03-31 Vulnerability Laboratory ID VL-ID:...

Exploits0
Tenable Nessus
Tenable Nessus
added 2015/10/15 12:0 a.m.24 views

Apache Solr < 4.10.5 'plugin.js' XSS

Binary data 8974.prm...

4.3CVSS7.3AI score0.04702EPSS
Exploits0References3
0day.today
0day.today
added 2015/09/11 12:0 a.m.20 views

Monsta FTP 1.6.2 - Multiple Vulnerabilities

Monsta FTP version 1.6.2 suffers from cross site request forgery and cross site scripting vulnerabilities. Exploit Title: CSRF XSS Monsta FTP Google Dork: intitle: Monsta FTP CSRF / XSS Date: 2015-09-11 Exploit Author: hyp3rlinx Website: hyp3rlinx.altervista.org Vendor Homepage: www.monstaftp.com...

6.9AI score
Exploits0
CNVD
CNVD
added 2015/06/29 12:0 a.m.4 views

IBM Leads Cross-Site Request Forgery Vulnerability (CNVD-2015-04109)

IBM Leads is a solution from IBM USA for improving the customer management process. The program provides functions such as finding prospects, assigning customers and sending notifications of new customer information. A cross-site request forgery vulnerability exists in IBM Leads. A remote attacke...

6CVSS6.8AI score0.00489EPSS
Exploits0References1
securityvulns
securityvulns
added 2015/01/19 12:0 a.m.91 views

SEC Consult SA-20150113-1 :: Privilege Escalation &amp; XSS &amp; Missing Authentication in Ansible Tower

SEC Consult Vulnerability Lab Security Advisory 20150113-1 ======================================================================= title: Privilege Escalation & XSS & Missing Authentication product: Ansible Tower vulnerable version: =2.0.2 fixed version: =2.0.5 impact: high homepage:...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2014/10/10 12:0 a.m.38 views

SAP BusinessObjects Explorer 14.0.5 Cross Site Flashing

COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: BusinessObjects Explorer Vendor: SAP AG Subject: Cross Site Flashing Risk: High Effect: Remotely exploitable Author: Stefan Horlacher Date: 2014-10-10 SAP Security Note: 1908647 0 Abstract: -------------...

0.3AI score
Exploits0
0day.today
0day.today
added 2014/07/22 12:0 a.m.23 views

Aerohive HiveOS 5.1r5 - 6.1r5 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2014/07/12 12:0 a.m.17 views

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities

Aerohive HiveOS 5.1r5 6.1r5 - Multiple Vulnerabilities Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions...

0.5AI score
Exploits0
Exploit DB
Exploit DB
added 2014/07/12 12:0 a.m.35 views

Aerohive HiveOS 5.1r5 &lt; 6.1r5 - Multiple Vulnerabilities

Exploit Title: Aerohive HiveOS XSS and limited LFI Date: 11-07-2014 Exploit Author: Rik van Duijn - DearBytes dearbytes.com Vendor Homepage: http://www.aerohive.com/products/overview.html Version: 5.1r5 - 6.1r5 possibly earlier versions Description ================ Aerohive version 5.1r5 through...

7.4AI score
Exploits0
Vulnerability Lab
Vulnerability Lab
added 2011/07/25 12:0 a.m.37 views

ClusterMaps - Cross Site Scripting Vulnerability

Document Title: =============== ClusterMaps - Cross Site Scripting Vulnerability Release Date: ============= 2011-07-25 Vulnerability Laboratory ID VL-ID: ==================================== 135 Product & Service Introduction: =============================== Do you know your audience? You will...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2009/01/01 12:0 a.m.7 views

PT-2009-15 Living CMS Cross-Site Scripting Vulnerability

Living CMS is a content management system CMS software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material HTML documents and their associated images. Vulnerability Description Positive...

6.4AI score
Exploits0References4
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.5 views

Hiki cross-site scripting vulnerability

Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...

4.3CVSS6.1AI score0.01208EPSS
Exploits0References5
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2008/05/20 3:0 p.m.7 views

Hiki cross-site scripting vulnerability

Overview Hiki, a Wiki clone from the Hiki development team, contains a cross-site scripting vulnerability. Impact A remote attacker could create a content containing attacking code and take over a session by stealing the session ID of the user who logged into the system. If the user logged into t...

4.3CVSS6.2AI score0.01235EPSS
Exploits0References6
Packet Storm
Packet Storm
added 2008/03/17 12:0 a.m.33 views

rsa-xss.txt

The following security report has been sent to RSA/EMC on the 2/10/2007 and confirmed by them. RSA took action to alert their customers. ----------------------------------------- Description The WebID authentication framework suffers from a flow allowing to steal an authenticated users's session ...

7.4AI score
Exploits0
Rows per page
Query Builder