HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

CVE-2025-20116 Cisco Application Policy Infrastructure Controller Stored Cross-Site Scripting Vulnerability

A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to improper input validation in the web...

CVE-2023-37422

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute...

Novell ZENworks Mobile Management Cross-Site Scripting

A cross-site scripting vulnerability has been reported in Novell ZENworks Mobile Management. The vulnerability is due to insufficient validation of output before it is returned to the user. A remote attacker can exploit this vulnerability by enticing a user to click on a maliciously crafted link...

PhpWiki Multiple Vulnerabilities

PhpWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpwiki:phpwiki"; ifdescription...

PHP Running Management 1.0.2 'index.php' Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27268/info PHP Running Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

ToendaCMS 0.7 Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18178/info ToendaCMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...

MS12-040: Vulnerability in Microsoft Dynamics AX Enterprise Portal Could Allow Elevation of Privilege (MSSQL check)

Binary data ms12-040mssql.nbin...

Symantec Web Gateway timer.php XSS (SYM12-006)

The remote web server is hosting a version of Symantec Web Gateway that is vulnerable to cross-site scripting attacks. Input to the 'l' parameter of timer.php is not properly sanitized. An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary scrip...

McAfee WebShield UI ProcessTextFile bodyStyle Parameter XSS (SB10020)

The version of WebShield UI hosted on the remote web server has a reflected cross-site scripting vulnerability. Input to the 'bodyStyle' parameter of ProcessTextFiles is not properly sanitized. A remote attacker could exploit this by tricking a user into requesting a maliciously crafted URL,...

MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)

The versions of SharePoint Services, SharePoint Server, Groove, or Office Web Apps installed on the remote host have multiple cross-site scripting vulnerabilities. A remote attacker could exploit them by tricking a user into making a malicious request, resulting in arbitrary script code execution...

SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities

source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site request-forgery issues. Attackers can exploit these issues to obtain sensiti...

Pre ASP Job Board - 'emp_login.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/32572/info Pre ASP Job Board is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Claroline 1.8.9 - 'work/work.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser ...

Claroline 1.8.9 - 'exercise/exercise.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser ...

SiteBar 3.3.8 - integrator.php?lang Cross-Site Scripting

SiteBar 3.3.8 - integrator.php?lang Cross-Site Scripting source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerability -...

SiteBar 3.3.8 - translator.php?updcmdActionedit Arbitrary PHP Code Execution

SiteBar 3.3.8 - translator.php?updcmdActionedit Arbitrary PHP Code Execution source: https://www.securityfocus.com/bid/26126/info SiteBar is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include...

Adobe Reader plug-in AcroPDF.dll 8.0.0.0 Resource Consumption

No description provided by source. ------------------------------------------------------------------------------- Adobe PDF Reader plug-in AcroPDF.dll ver. 8.0.0.0 Resource Consumption author: shinnai mail: shinnaiatautisticidotorg site: http://www.shinnai.altervista.org...

Quickblogger 1.4 - Remote File Inclusion

source: https://www.securityfocus.com/bid/20210/info Quickblogger is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. A successful exploit of this issue allows an attacker to execute arbitrary server-side script code on an affected computer...

BandSite CMS 1.1 - 'links_content.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20137/info Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. These issues may allow an attacker to access sensitive information, execute arbitrary server-side...