3221 matches found

Cvelist
added 2015/03/24 12:0 a.m. | 26 views

CVE-2015-0818

Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving SVG hash navigation...

AI score: 9.5 | EPSS: 0.02087
Exploits: 0 | References: 13
CNVD
added 2015/03/06 12:0 a.m. | 1 views

Symantec NetBackup OpsCenter Arbitrary Code Execution Vulnerability

Symantec NetBackup OpsCenter is a unified data protection management software from Symantec. The software allows centralized monitoring and reporting of the operational status of heterogeneous data protection environments through a console. A security vulnerability exists in Symantec...

CVSS: 7.5 | AI score: 7.4 | EPSS: 0.00646
Exploits: 0 | References: 1
Veracode
added 2015/02/11 4:10 p.m. | 24 views

Cross-Site Scripting (XSS)

CKEditor is vulnerable to cross-site scripting. A remote attacker is able to inject arbitrary Javascript into a victim's browser to steal session tokens or perform unwanted actions on behalf of the user...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.00359
Exploits: 0 | References: 3 | Affected Software: 2
Packet Storm
added 2015/01/29 12:0 a.m. | 31 views

WordPress Geo Mashup 1.8.2 Cross Site Scripting

Vulnerability title: Wordpress Geo Mashup plugin XSS Author: Paolo Perego CVE: CVE-2015-1383 Affected versions: = 1.8.2 Fixed version: 1.8.3 January, 11 2015 Product link: https://wordpress.org/plugins/geo-mashup/ Description Geo Mashup is a wordpress plugin designed to let you save location...

CVSS: 4.3 | AI score: 0.2 | EPSS: 0.00473
Exploits: 1
Prion
added 2015/01/14 11:59 a.m. | 22 views

Design/Logic Flaw

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.83612
Exploits: 4 | References: 19 | Affected Software: 2
CVE
added 2015/01/14 11:0 a.m. | 134 views

CVE-2014-8636

CVE-2014-8636 affects Mozilla Firefox and SeaMonkey through an information flow bug in the XrayWrapper. The issue arises when interacting with a DOM object that has a named getter, allowing a remote attacker to cause arbitrary JavaScript execution with chrome privileges via unspecified vectors. A...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.83612
Exploits: 4 | References: 19 | Affected Software: 1
UbuntuCve
added 2015/01/14 12:0 a.m. | 28 views

CVE-2014-8636

The XrayWrapper implementation in Mozilla Firefox before 35.0 and SeaMonkey before 2.32 does not properly interact with a DOM object that has a named getter, which might allow remote attackers to execute arbitrary JavaScript code with chrome privileges via unspecified vectors...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.83612
Exploits: 4 | References: 3
Tenable Nessus
added 2014/11/25 12:0 a.m. | 28 views

Ubuntu 12.04 LTS : kde-runtime vulnerability (USN-2414-1)

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.00283
Exploits: 2 | References: 2
Ubuntu
added 2014/11/24 3:58 p.m. | 45 views

USN-2414-1: KDE-Runtime vulnerability

Tim Brown and Darron Burton discovered that KDE-Runtime incorrectly handled input validation. An attacker could possibly use this issue to execute arbitrary javascript...

CVSS: 4.3 | AI score: 5.4 | EPSS: 0.00283
Exploits: 2
securityvulns
added 2014/10/15 12:0 a.m. | 55 views

[RT-SA-2013-003] Endeca Latitude Cross-Site Scripting

Advisory: Endeca Latitude Cross-Site Scripting RedTeam Pentesting discovered a Cross-Site Scripting XSS vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details ======= Produc...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00442
Exploits: 1
NVD
added 2014/10/08 5:55 p.m. | 10 views

CVE-2014-7205

Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for the hapi server framework for Node.js allows remote attackers to execute arbitrary Javascript code via unspecified vectors...

CVSS: 10 | AI score: 7.7 | EPSS: 0.84242
Exploits: 6 | References: 6
Packet Storm
added 2014/09/01 12:0 a.m. | 21 views

Arachni Web Application Scanner 0.4.7 Cross Site Scripting

Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference: https://github.com/Arachni/arachni-ui-web/issues/71 Affected Version: Arachni...

Exploits: 0
Exploit DB
added 2014/09/01 12:0 a.m. | 21 views

Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting

Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference: https://github.com/Arachni/arachni-ui-web/issues/71 Affected Version: Arachni...

AI score: 7.4
Exploits: 0
exploitpack
added 2014/09/01 12:0 a.m. | 17 views

Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting

Arachni Web Application Scanner Web UI - Persistent Cross-Site Scripting Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability CVE: 2014-5469 Vendor Homepage: http://www.arachni-scanner.com/ Author: Prakhar Prasad Author Homepage: https://prakharprasad.com Reference:...

AI score: 6.8
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 20 views

Diferior 8.03 Multiple XSS Vulnerabilities

No description provided by source. Vulnerability ID: HTB22721 Reference: http://www.htbridge.ch/advisory/storedxsscrosssitescriptingvulnerabilityindiferior.html Product: Diferior Vendor: Povilas Musteikis http://www.diferior.com/ Vulnerable Version: 8.03 and probably prior versions Vendor...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 21 views

Claroline 1.10 Persistent XSS Vulnerability

No description provided by source. ------------------------------------------------------------------------ Software................Claroline 1.10 Vulnerability...........Persistent Cross-site Scripting Threat Level............Moderate 2/5 Download................http://www.claroline.net/...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 420 views

Microsoft SharePoint Server 2007 XSS Vulnerability

No description provided by source. Vulnerability ID: HTB22350 Reference: http://www.htbridge.ch/advisory/xssinmicrosoftsharepointserver2007.html http://www.microsoft.com/technet/security/advisory/983438.mspx Product: Microsoft SharePoint Server 2007 Vendor: Microsoft Corporation Vulnerable Versio...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 23 views

frog cms 0.9.5 - Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22685 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinfrogcms.html Product: Frog CMS Vendor: Philippe Archambault http://www.madebyfrog.com/ Vulnerable Version: 0.9.5 and probably prior versions Vendor Notification: 09 November 2010...

AI score: 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 40 views

e107 1.0.1 - CSRF Resulting in Arbitrary Javascript Execution

No description provided by source. Exploit Title: e107 v1.0.1 Administrator CSRF Resulting in Arbitrary Javascript Execution Google Dork: intext:This site is powered by e107 Date: 01/01/13 Exploit Author: Joshua Reynolds Vendor Homepage: http://e107.org Software Link:...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00343
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m. | 25 views

PHP MicroCMS 1.0.1 CSRF and XSS Vulnerabilities

No description provided by source. Vulnerability ID: HTB22765 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpmicrocms.html Product: PHP MicroCMS Vendor: ApPHP http://www.apphp.com/ Vulnerable Version: 1.0.1 and probably prior versions Vendor Notification: 21 December 2010 Vulnerability...

AI score: 7.1
Exploits: 0