176 matches found
Log-Chat vulnerable to cross-site scripting
Overview Log-Chat provided by Script contains a stored cross-site scripting vulnerability CWE-79. Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
HP Client Security Manager Cross-Site Scripting Vulnerability
HP Client Security Manager is a security manager product from Hewlett-Packard HP in the United States. The product provides features such as enhanced Windows logon and single sign-on for Web sites. A cross-site scripting vulnerability exists in HP Client Security Manager that originates from the...
Wordpress plugin iframe HTML injection vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site. iframe plugin is a pop-up layer allowing external URLs to be loaded into the iframe page plugin . Wordpress...
Apple Mac OS X 'entity' Parameter Cross-Site Scripting Vulnerability
Apple Mac OS X is a commercial operating system. A cross-site scripting vulnerability exists in the Apple Mac OS X 'entity' parameter. Because the program fails to properly filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary script code in the browser of a...
Cybozu Garoon vulnerable to cross-site scritping
Overview Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update...
WordPress Social Connect Plugin <= 1.0.4 XSS Vulnerability - Active Check
WordPress Social Connect Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Faq-O-Matic 2.6/2.7 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4023/info FAQ-O-Matic is a freely available, open-source FAQ Frequently Asked Questions manager. It is intended to run on Linux and Unix variants. FAQ-O-Matic does not sufficiently filter script code from URL parameters. ...
GuppY 2.4 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8768/info GuppY is reported to be prone to a cross-site scripting vulnerability due to insufficient sanitization of user-supplied input. The problem exists in the postguest module of the software. This issue may allow a...
Webmin vulnerable to cross-site scripting
Overview Webmin is a web-based system management tool. Webmin contains a cross-site scripting vulnerability when "referrer checking" is turned off. Note that "referrer checking" is enabled by default. hasegawa reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
Oracle OpenSSO Multiple XSS Vulnerabilities
Oracle OpenSSO is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
WordPress VideoWhisper Live Streaming Integration Multiple Vulnerabilities
WordPress VideoWhisper Live Streaming Integration Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)
A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the displaymode parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an...
WEB PATIO vulnerable to cross-site scripting
Overview WEB PATIO contains a cross-site scripting vulnerability. WEB PATIO is a bulletin-board software. WEB PATIO contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated wi...
RSSOwl vulnerable to arbitrary script execution
Overview RSSOwl is vulnerable to arbitrary script execution. RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
SiT! Support Incident Tracker 3.64 XSS / CSRF / SQL Injection
Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, cross-site request forgery attacks. 1 Input passed via the "start" GET parameter to...
Traq 2.2 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB23046 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintraq.html Product: Traq Vendor: Jack Polgar http://traqproject.org/ Vulnerable Version: 2.2 and probably prior Tested Version: 2.2 Vendor Notification: 07 September 2011 Vulnerability Type: XSS, SQL...
phpMyAdmin 3.4.x < 3.4.5 Multiple XSS (PMASA-2011-14)
Binary data 6026.prm...
SiT! Support Incident Tracker 3.64 XSS / XSRF / SQL Injection
Vulnerability ID: HTB23043 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinsitsupportincidenttracker.html Product: SiT! Support Incident Tracker Vendor: The Support Incident Tracker Project http://sitracker.org/ Vulnerable Version: 3.64 and probably prior Tested Version: 3.64...
Cross-site Scripting (XSS) Vulnerabilities in phpScheduleIt
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in phpScheduleIt which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in phpScheduleIt 1.1 The vulnerability exists due to input sanitation errors in URL in th...
Atlassian Confluence 2.x >= 2.7 / 3.x < 3.4.6 Multiple XSS
According to its self-reported version number, the instance of Atlassian Confluence on the remote host is a 2.x version that is 2.7 or later, or else version 3.x prior to 3.4.6. It is, therefore, affected by multiple, cross-site scripting vulnerabilities. Errors in the validation of input data to...