122 matches found
Kibana Tag Cloud Visualization Cross-Site Scripting Vulnerability
Kibana is an open source analytics and visualization platform designed to work with Elasticsearch.Kibana provides the ability to search, view, and interact with data stored in Elasticsearch indexes. Developers or operations staff can easily perform advanced data analysis and visualize data in a...
Cross site scripting
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting XSS vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2018-3821
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting XSS vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2018-3821
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting XSS vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
CVE-2018-3821
CVE-2018-3821 affects Elastic Kibana tag cloud visualization. Affected versions are Kibana after 5.1.1 and before 5.6.7, and before 6.1.3, with an XSS vulnerability in the tag cloud visualization. The underlying issue could allow an attacker to access sensitive information or take actions on beha...
PT-2018-16215 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana versions after 5.1.1 and before 5.6.7 Kibana versions before 6.1.3 Description: A cross-site scripting XSS issue was found in the tag cloud visualization, potentially allowing an attacker to obtain sensitive information or perform...
CVE-2018-3821
Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting XSS vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users...
SQL Injection Vulnerability in taocms Tag Parameters
TaoCMS is the smallest around 100Kb fully functional CMS management system in China based on php+sqlite/mysql. taocms has a SQL injection vulnerability in the tag tag cloud location, which allows attackers to exploit the vulnerability to obtain sensitive database information...
mod fancy tag cloud,1.017,Other
mod fancy tag cloud comofflajninstaller,1.017,Other resolution: update to version 1.020 update notice: http://fancytagcloud.demo.offlajn.com/index.php/security-update existing users may also need to fix folder permissions, please contact the developer for further information...
UMI 3D Tag Cloud [mod_umi3dtagcloud], 1.3.4 and below, XSS (Cross Site Scripting)
UMI 3D Tag Cloud modumi3dtagcloud, 1.3.4 and below, XSS Cross Site Scripting...
WP-Cumulus Variants Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting vulnerability in multiple plugins for different engines it's combinations of my two publications which I've made last week at my site. In plugins for RapidWeaver, Habari, DasBlo, eZ Publish, EE, Serendipity, Social Web CMS, PHP-Fusion,...
Flash Tag Cloud And MT-Cumulus Plugin - tagcloud Cross-Site Scripting
Flash Tag Cloud And MT-Cumulus Plugin - tagcloud Cross-Site Scripting source: https://www.securityfocus.com/bid/47845/info The Flash Tag Cloud widget and the MT-Cumulus Plugin are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker...
Flash Tag Cloud And MT-Cumulus Plugin - 'tagcloud' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47845/info The Flash Tag Cloud widget and the MT-Cumulus Plugin are prone to a cross-site scripting vulnerability because they fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...
MT-Cumulus / MT 4 Cross Site Scripting
Hello list! I want to warn you about Cross-Site Scripting vulnerability in plugin MT-Cumulus for Movable Type. ------------------------- Affected products: ------------------------- At first the developer made widget Flash Tag Cloud For MT 4, and later made full-fledged plugin MT-Cumulus for...
SA-CONTRIB-2011-013 - Tagadelic - Cross Site Scripting (XSS)
Tagadelic module offers various ways to display terms and vocabularies in a tag cloud on a page or in a block. The module does not sanitize the taxonomy vocabulary names and descriptions when displayed on listing pages or blocks, leading to a Cross-Site Scripting XSS vulnerability that may lead t...
Flash Tag Cloud Control Cross Site Scripting
Hello Bugtraq! I want to warn you about security vulnerability in Flash Tag Cloud control for ASP.NET. ----------------------------- Advisory: Vulnerability in widget Flash Tag Cloud for Blogsa and other ASP.NET engines ----------------------------- URL: http://websecurity.com.ua/4213/...
Piwigo v2.0.6 Multiple Vulnerabilities
Exploit for unknown platform in category web applications ========================================= Piwigo : mysqlfetcharray expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\piwigo-2.0.6\include\functions.inc.php on line 936 The parentid and imageid and unsanitized however...
WP-Cumulus 1.20 Cross Site Scripting
Full path disclosure: http://site/wp-content/plugins/wp-cumulus/wp-cumulus.php XSS: http://site/wp-content/plugins/wp-cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='javascript:alertdocument.cookie'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E...
CVE-2009-0931
Cross-site scripting XSS vulnerability in the tag cloud search script horde/services/portal/cloudsearch.php in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the tag cloud search script horde/services/portal/cloudsearch.php in Horde before 3.2.4 and 3.3.3, and Horde Groupware before 1.1.5, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...