The vulnerability in the web interface of the Cisco WebEx Meetings Server software allows attackers to execute cross-site scripting attacks.
The vulnerability of the administration web interface of Cisco WebEx Meetings Server software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially crafted link...
CVE-2018-15459
A vulnerability in the administrative web interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to gain additional privileges on an affected device. The vulnerability is due to improper controls on certain pages in the web interface. An attacker could explo...
CVE-2018-15459
CVE-2018-15459 : Cisco Identity Services Engine (ISE) has a privilege-escalation flaw in its administrative web interface. An authenticated administrator can send crafted HTTP requests to gain additional Admin accounts with different roles, enabling actions within their scope. The root cause is i...
Remote Code Execution (RCE)
conga is vulnerable to remote code execution (RCE) attacks. The vulnerability exists as registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface...
Information Disclosure Through Escalation Of Privileges
Django is vulnerable to information disclosure through escalation of privileges. The admin interface does not check user permissions correctly for viewing object history...
Technicolor MediaAccess TG789vac v2 HP Device Cross-Site Scripting Vulnerability
Technicolor MediaAccess TG789vac v2 HP is a gateway device from the French Technicolor group. A cross-site scripting vulnerability exists in the admin web interface of Technicolor MediaAccess TG789vac v2 HP devices with firmware version 16.3.7190-2761005-20161004084353, which can be exploited by...
CVE-2018-8827
The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS...
The vulnerability in the Cisco Prime Collaboration Provisioning software installation component for centralized product management allows a hacker to gain access to the administrative web interface with administrator privileges.
The vulnerability in the Cisco Prime Collaboration Provisioning software installation component for centralized product management involves the use of pre-installed user accounts. Exploiting this vulnerability could allow an attacker to gain access to the administrative web interface with...
CVE-2018-1000847
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in execution of attacker's JavaScript code in victim's session. This attack appears to be exploitable via: the attacker stores a specially crafted string as their Ful...
Cross-site scripting
FreshDNS version 1.0.3 and prior contains a Cross Site Scripting (XSS) vulnerability in Account data form; Zone editor that can result in execution of attacker's JavaScript code in victim's session. This attack appears to be exploitable via: the attacker stores a specially crafted string as their Ful...
CVE-2018-7067
A Remote Authentication bypass in Aruba ClearPass Policy Manager leads to complete cluster compromise. An authentication flaw in all versions of ClearPass could allow an attacker to compromise the entire cluster through a specially crafted API call. Network access to the administrative web...
Cross-site Scripting Vulnerability in Discuz!
Discuz! is a very popular Web forum program in the Chinese community. A cross-site scripting vulnerability exists in Discuz! X3.4, which stems from the failure of admincp/admincpsetting.php and template\default\common\footer.htm to properly handle the statcode field, which can be exploited to...
CVE-2018-18743
An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMSCategories.php?pid=1&lgid=1 URI...
CVE-2018-18742
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMSUser.php?Class=add&CF=user URI...
CVE-2018-18740
An XSS issue was discovered in SEMCMS 3.4 via the first input field to the admin/SEMCMSLink.php?lgid=1 URI...
CVE-2018-18721
An XSS issue was discovered in admin/link/editlink?id=5 in YUNUCMS 1.1.5...
Cross-site request forgery (CSRF)
A CSRF issue was discovered in admin/Index/addmanageuser.html in Catfish CMS 4.8.30...
SEMCMS Cross-Site Scripting Vulnerability (CNVD-2019-01724)
SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A cross-site scripting vulnerability exists in SEMCMS version 3.4, which can be exploited by remote attackers to inject arbitrary Web script or HTML into the Keywords field of the...
CVE-2018-18433
An issue was discovered in DESTOON B2B 7.0. admin/category.inc.php has XSS via the categorycatname parameter to the admin.php URI...