Extreme Management Center 8.4.1.24 - Cross-Site Scripting

Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

attend.gailborden.info Cross Site Scripting vulnerability OBB-3380081

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Design/Logic Flaw

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site...

TrueConf Server Cross-Site Scripting Vulnerability (CNVD-2022-53542)

TrueConf Server is a self-hosted and secure video collaboration platform from the Russian company TrueConf. version 4.3.7 of TrueConf Server is vulnerable to a cross-site scripting vulnerability that originates from unknown code in the file /admin/conferences/get-all-status/, with the parameter...

lude-sv.de Cross Site Scripting vulnerability OBB-2700337

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

arabberg.com Improper Access Control vulnerability OBB-2424922

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

PowerDNS Recursor API Injection Vulnerability

PowerDNS Recursive Server is a high-end name resolution server. An API injection vulnerability exists in PowerDNS Recursor, which can be exploited by an attacker to execute arbitrary code in a user's browser at an affected site...

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessio...

HP Performance Center Cross-Site Scripting Vulnerability

HP Performance Center is a suite of performance load testing software from Hewlett Packard Enterprise HPE. A cross-site scripting vulnerability exists in HP Performance Center version 12.20, which stems from the program failing to filter user-submitted input. A remote attacker could use this...

latesttraveloffers.com XSS vulnerability

Open Bug Bounty ID: OBB-257525 Description| Value ---|--- Affected Website:| latesttraveloffers.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities

Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities Infor CRM 8.2.0.1136 Multiple HTML Script Injection Vulnerabilities Vendor: Infor Product web page: http://www.infor.com Affected version: 8.2.0.1136 Summary: Infor® CRM, formerly Saleslogix, is an award-winning customer...

WordPress Photocrati Theme 'prod_id' XSS Vulnerability

The WordPress theme Photocrati is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Nordex NC2 'username' Parameter Cross Site Scripting Vulnerability

Nordex NC2 is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Maian Uploader 4.0 - index.php keywords Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/29051/info Maian Uploader is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in t...

phpArcadeScript 2.0 browse.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/16957/info phpArcadeScript is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary...

ImageVue 1.7 - dir2.php path Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28138/info Imagevue is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code ...

EsContacts 1.0 - importer.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28825/info EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary script code in the browse...

WordPress bib2html 'styleShortName' Cross Site Scripting Vulnerability

WordPress bib2html Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

eTransfer Lite - 'file name' HTML Injection

source: https://www.securityfocus.com/bid/62313/info eTransfer Lite is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to...

Wordpress WP Banners Lite Plugin Cross Site Scripting Vulnerability

This host is installed with Wordpress WP Banners Lite Plugin and is prone to xss vulnerability. OpenVAS Vulnerability Test $Id: gbwordpresswpbannerslitexssvuln.nasl 6086 2017-05-09 09:03:30Z teissa $ Wordpress WP Banners Lite Plugin Cross Site Scripting Vulnerability Authors: Thanga Prakash S...