109 matches found
Stored Cross-Site Scripting Vulnerability in PageAdmin CMS Online Message Feature
PageAdmin CMS is an enterprise building system based on PHP and mysql technology. A stored cross-site scripting vulnerability exists in the online message function of PageAdmin CMS. An attacker can insert malicious js code into the page to obtain user cookies and other information, resulting in...
Multiple vulnerabilities in jeecms JSPGOU
jspgou is based on java technology development of e-commerce management software. jeecms JSPGOU has stored cross-site scripting, CSRF and arbitrary file reading vulnerabilities. Due to the front-end input filtering is not strict, the background operation does not verify the source , allowing...
OEcms enterprise website system system url parameter exists stored cross-site scripting vulnerability
OEcms enterprise website system system is developed by OEcms technology OEdev based on the development of OEPHP architecture system to develop a set of enterprise building system. OEcms enterprise website system system there are stored cross-site scripting vulnerabilities. Due to poor filtering o...
XSS Cross-Site Scripting Vulnerability in Apabi Thesis Authorization Submission System of Beijing Founder Apabi Technology Co.
Apabi Thesis Authorization Submission System is a thesis submission system that can be used by college libraries to collect students' theses developed by Beijing Founder Apabi Technology Co. A cross-site scripting vulnerability exists in the Apabi Thesis Authorization Submission System of Beijing...
XSS Cross-Site Scripting Vulnerability and CSRF Vulnerability in OpenPortal Network Access System
OpenPortal network access authentication system supports standard Portal protocol, Portal V1 V2 protocol, CMCC protocol, WISPr protocol and PAP CHAP authentication, widely used in smart communities, smart cities, smart hospitals, plazas, large-scale supermarkets, hotels, tourist attractions,...
XSS Vulnerability in NetEase Email Master Client PC Version
NetEase Mail Master client is a universal email client launched by NetEase 163. An XSS vulnerability exists in the PC version Ver2.4.1.8 of the NetEase Mail Master client. It allows attackers to insert malicious js code into the page to obtain user cookies and other information, leading to user...
CVE-2016-6417
Cisco FireSIGHT System Software (4.10.2–6.1.0) and Firepower Management Center are affected by CVE-2016-6417, a Cross‑Site Request Forgery vulnerability that lets remote attackers hijack the authentication of arbitrary users. The underlying issue is CSRF in the management interfaces, enabling una...
SQL Injection and XSS Vulnerabilities in Centro InfoTech Web Management System Wim V1.03
Ltd. is Huaibei Shengtuo Information Technology Co., Ltd. is Huaibei website construction, website optimization, 400 telephone for, short message group sending, software development, Internet industry companies. SQL injection and XSS vulnerability exists in version 1.03 of Centro InfoTech's websi...
Cygnus eMail Client - Email Content Cross-Site Scripting Vulnerability
Cygnus EaseMail Client is a professional e-mail client software for sending, receiving and managing e-mails, supporting the import of certificates and encrypted sending. A cross-site scripting vulnerability exists in the Cygnus Ease Mail client. It allows attackers to insert malicious js code int...
Imperial Download System V2.5 Link Injection and Stored Cross-site Vulnerabilities
Empire Download System" is a code completely open source, dedicated to the website information download and online video site to provide solutions. The system V2.5 a module in the background there are link injection and cross-site vulnerabilities, the attacker inserted malicious code in the page ...
Cross-Site Scripting Vulnerability in Dreammail Email Client
DreamMail is a professional e-mail client software for sending, receiving and managing e-mail. A cross-site scripting vulnerability exists in the Dreammail Ver 5.16.1003.1015 email client. It allows an attacker to insert malicious js code into a page to obtain user cookies and other information,...
Positive ZDsoft Employment Management System suffers from XSS Cross-Site Scripting Vulnerability
Positive ZDsoft Employment Management System is a website generation system. The Zhengfang ZDsoft Employment Management System suffers from an XSS cross-site scripting vulnerability. It allows an attacker to insert malicious js code into a page to obtain user cookies and other information, leadin...
CVE-2015-6262
Cross-site request forgery CSRF vulnerability in Cisco Prime Infrastructure 1.20.103 and 2.00.0 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059...
CVE-2015-0542
Multiple cross-site request forgery CSRF vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in Cisco Unified Communications Domain Manager UCDM 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055...
Ubuntu: Security Advisory (USN-2347-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before 9.7.093013, 10.0 before 10.0.093013, and 10.1 before 10.1.093013 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS...
CVE-2013-4306
Cross-site request forgery CSRF vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via unspecified vectors...
CVE-2013-3963
Cross-site request forgery CSRF vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WPHD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified...