35 matches found
Advanced Booking Calendar < 1.7.0 - Unauthenticated SQL Injection
The plugin does not validate and escape the calendar parameter before using it in a SQL statement via the abcbookinggetSingleCalendar AJAX action, which is available to both unauthenticated and authenticated users, leading to an unauthenticated SQL injection. 1. Install the vulnerable plugin...
Engineers Online Portal Cross-Site Scripting Vulnerability
Sourcecodester Online Event Booking and Reservation System is developed using PHP, MySQL database, HTML, CSS, Javascript, Bootstrap and AdminLTE. The system can be accessed by three types of users, namely system administrators, students and teachers. Sourcecodester Online Event Booking and...
Cross site scripting
A Cross-Site Scripting (XSS) CWE-79 vulnerability exists in U.motion Server MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX Server Plus, MEG6260-0410 - U.motion KNX Server Plus, Touch 10, MEG6260-0415 - U.motion KNX Server Plus, Touch 15, which could allow an attacker to inject...
PT-2019-11769 · Jenkins · Jenkins Pipeline: Build Step Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Build Pipeline Plugin versions 1.5.8 and earlier. Description: A stored cross-site scripting issue allows attackers who can edit the build pipeline description to inject arbitrary HTML and JavaScript into the plugin-provided web pages ...
RICOH MP 2001 Cross-Site Scripting Vulnerability
The RICOH MP 2001 is a multifunction printer device from Ricoh Japan. A cross-site scripting vulnerability exists in the address add area of the RICOH MP 2001, which arises from the program failing to properly validate user-submitted input. An attacker can exploit the vulnerability by sending the...
ZOHO ManageEngine Desktop Central Cross-Site Scripting Vulnerability (CNVD-2018-19733)
ZOHO ManageEngine Desktop Central (DC) is a desktop management solution from ZOHO. The solution includes software distribution, patch management, system configuration, remote control and other functional modules to support the entire lifecycle of desktop and server management. A cross-site scriptin...
IBM Rational Quality Manager HTML Injection Vulnerability (CNVD-2018-19534)
IBM Rational Quality Manager (RQM) is a collaborative, Web-based quality management solution from IBM. The program provides test planning and test evaluation management methods within the entire software development lifecycle, and the ability to share information, automation to accelerate the proje...
CVE-2017-1278
IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 124756...
WN-AC1167GR Cross-Site Scripting Vulnerability
The WN-AC1167GR is a wireless LAN router device from I-O DATA DEVICE. A cross-site scripting vulnerability exists in the WN-AC1167GR 1.04 and earlier versions, which can be exploited by an attacker to inject script or HTML into an arbitrary web...
CVE-2014-2116
Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882...
Cisco Emergency Responder Dynamic Content Modification Vulnerability
A vulnerability in the web interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a web page injection attack against the browser of a Cisco Emergency Responder user. The vulnerability is due to insufficient input validation of several parameters. An...
Corporater EPM Suite is vulnerable to cross-site request forgery and cross-site scripting
Overview: Corporater EPM Suite contains cross-site request forgery (CSRF) (CWE-352) and reflected cross-site scripting (XSS) (CWE-79) vulnerabilities. Description: CWE-352: Cross-Site Request Forgery (CSRF) - CVE-2013-3583. Corporater EPM Suite contains a cross-site request forgery vulnerability on the...
New Linux Rootkit Attacks Internet Users
Security researchers have discovered what appears to be an experimental Linux rootkit designed to infect its highly select victims during a classic drive-by website attack. The malware allows hackers to inject code directly in any infected web page. The new malware, discovered on November 13 of...
Critical: Red Hat Security Advisory: firefox security update
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime...