264 matches found
Cross site scripting
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...
CVE-2017-7735
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...
CVE-2017-7735
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...
CVE-2017-7735
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...
CVE-2017-7735
CVE-2017-7735 is a publicly documented Cross‑Site Scripting (XSS) vulnerability affecting Fortinet FortiOS. Affected versions are FortiOS 5.2.0–5.2.11 and 5.4.0–5.4.4. The root cause is improper validation of user-supplied input to the Groups field when creating or editing User Groups, allowing a...
CVE-2017-7735
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups...
Concrete CMS: Stored XSS in Name field in User Groups/Group Details form
Intro "The Crayons of Madagascar" Type of issue: Core CMS issue Level of severity: Internal Attack Vector Concrete5 version: 8.2.0 RC2 rev. 32c9daf352645d4fafedb7b956e7f2de4e153ab3 Summary There is Stored XSS vulnerability in User Groups-Group Details Name field. This vulnerability might be used ...
Fortinet FortiOS 5.2.x / 5.3.x / 5.4.x < 5.4.5 Multiple XSS (FG-IR-17-127)
The version of Fortinet FortiOS running on the remote device is 5.2.x, 5.3.x, or 5.4.x prior to 5.4.4. It is, therefore, affected by multiple cross-site scripting XSS vulnerabilities : - A cross-site scripting XSS vulnerability exists when saving configuration revisions due to improper validation...
FortiOS XSS vulnerabilities via User Groups & Config Revision Comments
Two XSS vulnerabilities were reported to us affecting FortiOS that can be exploited to load and run a remote malicious Javascript in a logged in browser...
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 - Privilege Escalation Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link:...
Host Asset Information
Nessus collected information about the target host including: - network interfaces including IP addresses, MAC addresses, FQDNs - inventory of installed software - information about users and user groups This data has been stored in the Nessus report database. Note that this plugin will not produ...
[20161003] - Core - Account Modifications
Incorrect use of unfiltered data allows for existing user accounts to be modified; to include resetting their username, password, and user group assignments...
XenForo ToggleME 3.1.2 Cross Site Scripting
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: XenForo ToggleME plugin Vendor URL: https://xenforo.com/community/resources/toggleme.137/ Type: Cross-Site Scripting CWE-79 Date found: 2016-09-06 Date published: 2016-09-11 CVSSv3 Score: 5....
phpMyAdmin 4.4.15.x < 4.4.15.7 / 4.6.x < 4.6.3 Multiple Vulnerabilities
Binary data 9536.prm...
Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-04309)
phpmyadmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in phpmyadmin versions 4.4.x and 4.6.x in the user permissions page and the user group function, which can be exploited by an attacker to execute arbitrary scripts across sites...
Multiple XSS vulnerabilities
PMASA-2016-21 Announcement-ID: PMASA-2016-21 Date: 2016-06-23 Summary Multiple XSS vulnerabilities Description An XSS vulnerability was discovered on the user privileges page. An XSS vulnerability was discovered in the error console. An XSS vulnerability was discovered in the central columns...
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
Add admin user Testingus: ---...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the administrative backend in MyBB aka MyBulletinBoard before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the 1 MIME-type field in an add action in the config-attachmenttypes module to admin/index.php; 2...
PYSEC-2015-33
RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the 1 updaterepo, 2 getlocks, or 3 getusergroups API method...
Domain restricted signup is creating enabled users on ApacheDS
When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...