475 matches found
Design/Logic Flaw
The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968...
CVE-2015-4029
Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiveportal_zones.php...
CVE-2015-4029
pfSense WebGUI CVE-2015-4029 is an XSS in the captive portal zones management page. The flaw arises in services_captiveportal_zones.php when the zone parameter is used during a del action, enabling remote attackers to inject script/HTML into a victim’s browser. Affected releases are pfSense prior...
CVE-2015-2295
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter...
CVE-2015-2295
The pfSense WebGUI (pfSense before 2.2.1) is affected by CVE-2015-2295 due to CSRF in system_firmware_restorefullbackup.php, enabling an attacker to hijack admin authentication and issue deletefile requests that can remove arbitrary files with root privileges. Several connected advisories corroborate...
CVE-2015-2294
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to statuscaptiveportal.php; (2) if or (3) dragtable parameter to firewallrules.php; (4) queue parameter in an add action to...
CVE-2015-2294
pfSense before 2.2.1 is affected by multiple WebGUI XSS vulnerabilities (CVE-2015-2294) and a CSRF issue (CVE-2015-2295). The root cause is insufficient validation/sanitization of user-supplied input across many parameters (zone, if/dragtable, queue, id, and various filterlogentries_*; plus syste...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to...
CVE-2014-8617
Cross-site scripting (XSS) vulnerability in the Web Action Quarantine Release feature in the WebGUI in Fortinet FortiMail before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5, and 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via the release parameter to...
CVE-2014-8617
Fortinet FortiMail WebGUI is affected by a stored XSS in the Web Action Quarantine Release feature. The vulnerability (CVE-2014-8617) allows an attacker to inject arbitrary web script or HTML via the release parameter to module/releasecontrol. Affected versions are FortiMail before 4.3.9, 5.0.x b...
Plain Black WebGUI 'style-underground/search' cross-site scripting vulnerability
WebGUI is a content management system (CMS) used mainly to publish and maintain website content. A cross-site scripting vulnerability exists in Plain Black WebGUI 'style-underground/search'. This allows remote attackers to execute arbitrary web script or HTM...
UBUNTU-CVE-2015-1564
Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field...
CVE-2015-1564
Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field...
Cross site scripting
Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field...