CVE-2017-6776
A vulnerability in the web framework of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...
CVE-2014-6393
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding...
Cross site scripting
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding...
CVE-2014-6393
CVE-2014-6393 affects the Express web framework for Node.js (versions prior to 3.11 and 4.x prior to 4.5). Root cause: missing charset field in HTTP Content-Type headers for 400-level responses, enabling potential XSS via non-standard encodings. Affected component/file: Express’s Content-Type han...
Directory traversal
A vulnerability in the web framework of Cisco Unified Communications Manager 11.51.10000.6 could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by...
Girls Who Code Weeks 3 and 4: Robots, the Internet and College
The summer is flying by, and we have reached the mid-point of our Girls Who Code Summer Immersion program. Our students are smart, engaged, learning a ton, and seem to be having a lot of fun! Last week was about robotics. The girls wired and programmed Arduino robots to perform a variety of tasks...
Cisco Unified Communications Manager Directory Traversal Vulnerability (cisco-sa-20170802-ucm1)
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be...
Cisco Unified Communications Manager Directory Traversal Vulnerability
A vulnerability in the web framework of Cisco Unified Communications Manager could allow an authenticated, remote attacker to access arbitrary files in the context of the web root directory structure on an affected device. The vulnerability is due to insufficient input validation by the affected...
CVE-2017-1000048
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash...
Design/Logic Flaw
The web framework using ljharb's qs module older than v6.3.2, v6.2.3, v6.1.2, and v6.0.4 is vulnerable to a DoS. A malicious user can send an evil request to cause the web framework to crash...
CVE-2017-1000048
CVE-2017-1000048 applies to ljharb’s qs module; older versions v6.0.4, v6.1.2, v6.2.3 and v6.3.1 (i.e., older than v6.3.2) are vulnerable to a DoS where a malicious request can crash the application. The connected documents corroborate a Denial of Service impact via input handling in qs, and indi...
CVE-2017-6724
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.10.0...
Cross site scripting
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65843. Known Affected Releases: 3.10.0...
Cross site scripting
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 CSCuw65837. Known Affected Releases: 2.22...
Cross site scripting
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. Affected Products: Cisco Firepower Management Center Releases 5.4.1.x and prior. More...
Cross site scripting
A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. More Information: CSCvc38801. Known Affected Releases: 6.0.1.3 6.2.1. Known Fixed Releases: 6.2...