131 matches found
CVE-2021-31835
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized...
CVE-2021-39334
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjbexpin and the psjbcurrin parameters found in the /job-settings.php file which allowed attackers with administrative user access to inject arbitrary...
EC-CUBE plugin "Order Status Batch Change Plug-in" vulnerable to cross-site scripting
Overview: EC-CUBE plugin "Order Status Batch Change Plug-in" provided by ActiveFusions Co., Ltd. contains a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed by conducting a specific operation on the management page of EC-CUBE. ActiveFusions Co., Ltd. reported this...
EC-CUBE vulnerable to cross-site scripting
Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains a cross-site scripting vulnerability (CWE-79). An arbitrary script may be executed by executing a specific operation on the management page of EC-CUBE. As of 2021 May 10, an attack exploiting this vulnerability has been observed in the wild...
BigBlueButton Greenlight Cross-Site Scripting Vulnerability
BigBlueButton is an open source web conferencing system from the BigBlueButton community. A cross-site scripting (XSS) vulnerability exists in BigBlueButton Greenlight version 2.7.6, in the "merge account" function of admin.js. No details of t...
Multiple vulnerabilities in WordPress Plugin "Attendance Manager"
Overview: WordPress Plugin "Attendance Manager" provided by SUKIMALAB.COM contains multiple vulnerabilities listed below. Stored cross-site scripting vulnerability (CWE-79) - CVE-2019-5970; cross-site request forgery vulnerability (CWE-352) - CVE-2019-5971. Natsumi Matsuoka of Cryptography...
CVE-2018-0666
Yamaha routers RT57i Rev.8.00.95 and earlier, RT58i Rev.9.01.51 and earlier, NVR500 Rev.11.00.36 and earlier, RTX810 Rev.11.01.31 and earlier, allow an administrative user to embed arbitrary scripts to the configuration data through a certain form field of the configuration page, which may be...
The vulnerability of the administrative web interface of the software dnaTools dnaLIMS allows a perpetrator to execute arbitrary commands.
The vulnerability of the administrative web interface of the software dnaTools dnaLIMS is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands using specially crafted POST requests sent to the address...
ASSETBASE vulnerable to cross-site scripting
Overview: ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability (CWE-79). Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CSRF vulnerability in the latest version of beecms
beecms is an enterprise website management system based on a PHP+MySQL architecture. The latest version of beecms has a CSRF vulnerability. The add administrator form in the back end is not protected by a token; adminadmin.php starts processing the add administrator request at line 102, failed...
PHP Kobo Photo Gallery CMS for PC/smartphone and feature phone Cross-Site Request Forgery Vulnerability
PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone is a photo gallery content management system (CMS) for PC, smartphone and feature phone from PHP Kobo Japan. A cross-site request forgery vulnerability exists in the admin.php script in PHP Kobo Photo Gallery CMS for PC, smartphone and...
Fastspot BigTree 'admin.php' Script HTML Injection Vulnerability
Fastspot BigTree CMS is an open source content management system (CMS) based on PHP and MySQL from the United States company Fastspot. An HTML injection vulnerability exists in Fastspot BigTree CMS versions prior to 4.2.3, which stems from the program failing to adequately filter user-submitted input. When...
Multiple Cross-Site Request Forgery Vulnerabilities in osCMax
osCMax is a PHP-based open source e-commerce system/shopping cart application that supports multi-language, SSL-secured transactions, multiple payment methods, regional shipping conversion, printing invoices and more. Multiple cross-site request forgery vulnerabilities exist in versions of osCMax...
Ilch CMS Cross-Site Request Forgery Vulnerability
Ilch CMS is a Content Management System (CMS) developed by the Ilch team in Germany, which eliminates the need for users to understand programming languages, modules, design, etc. by providing a simple and scalable base system. A cross-site request forgery vulnerability exists in Ilch CMS. A remote...
ZaireWeb Solutions Newsletter ZWS Administrative Interface Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10605/info Newsletter ZWS is reported prone to an administrative interface authentication bypass vulnerability. The vulnerability exists due to a design error in the implementation of the authentication system for the...
FreePBX Framework Module view.functions.php Remote Code Execution
Added: 04/03/2014. CVE: CVE-2014-1903. BID: 65509. OSVDB: 103240. Background: FreePBX is an open source telephony front-end, which has an easy-to-use graphical user interface that controls and manages Asterisk. Problem: The Framework module of FreePBX is vulnerable to remote code execution as a result ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action...
CVE-2011-4564
The CVE-2011-4564 entry describes a Cross-site Scripting (XSS) vulnerability in the admin script of Active CMS 1.2. The issue allows remote attackers to inject arbitrary web script or HTML by manipulating the mod parameter in a module action. Affected software: Active CMS 1.2 (admin component). U...
Plume vulnerable to cross-site scripting
Overview: Plume contains a cross-site scripting vulnerability. Plume is a Content Management System (CMS). Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informati...