VLC Media Player Web Interface Cross Site Scripting Vulnerability (Dec 2015) - Windows

VLC media player is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Mozilla Firefox Multiple Vulnerabilities (Nov 2015) - Windows

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...

DNN (DotNetNuke) < 7.4.2 Multiple Vulnerabilities

The version of DNN installed on the remote host is affected by multiple vulnerabilities : - An unspecified cross-site scripting vulnerability exists due to a failure to properly sanitize content used by the tabs control. An unauthenticated, remote attacker can exploit this to execute arbitrary...

Joomla CMS 'login' Module XSS Vulnerability

Joomla is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:joomla:joomla";...

WordPress plupload Cross-Site Scripting Vulnerability - Windows

WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress plupload Cross-Site Scripting Vulnerability - Linux

WordPress is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress 'Non-Strict Mode' Multiple Cross-Site Scripting Vulnerabilities - Windows

WordPress is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Novell ZENworks Mobile Management Cross-Site Scripting

A cross-site scripting vulnerability has been reported in Novell ZENworks Mobile Management. The vulnerability is due to insufficient validation of output before it is returned to the user. A remote attacker can exploit this vulnerability by enticing a user to click on a maliciously crafted link...

X_CART Installation Script Cross Site Scripting Vulnerability

XCART is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:qualiteam:x-cart";...

VuFind 1.0 Cross Site Scripting

VuFind 1.0 Web Application Reflected XSS Cross-site Scripting 0-Day Bug Security Issue Exploit Title: VuFind Results? &lookfor parameter Reflected XSS Web Security Vulnerability Product: VuFind Vendor: VuFind Vulnerable Versions: 1.0 Tested Version: 1.0 Advisory Publication: September 20, 2015...

WordPress < 4.3.1 Multiple Vulnerabilities

According to its version number, the WordPress application running on the remote web server is prior to 4.3.1. It is, therefore, potentially affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists when processing shortcode tags due to improper validation of...

Splunk Enterprise 6.2.x < 6.2.6 / Splunk Light 6.2.x < 6.2.6 Splunk Web XSS

According to its version number, the instance of Splunk hosted on the remote web server is Splunk Enterprise 6.2.x prior to 6.2.6 or Splunk Light 6.2.x prior to 6.2.6. It is, therefore, affected by a cross-site scripting vulnerability in the Splunk Web component due to improper validation of...

Kirby CMS Cross-Site Request Forgery Vulnerability

Kirby CMS is a file-based content management system that is flexible, easy to use and easy to install. KirbyCMS suffers from a cross-site request forgery vulnerability in its implementation, which could be exploited by an attacker to execute arbitrary script code in the context of an affected...

Typo3 CMS 6.2.14 / 4.5.40 Cross Site Scripting

secunet Security Networks AG Security Advisory Advisory: Typo3 Core sanitizeLocalUrl Non-Persistent Cross-Site Scripting 1. DETAILS ---------- Product: Typo3 CMS Vendor URL: typo3.org Type: Cross-site ScriptingCWE-79 Date found: 2015-07-30 Date published: 2015-09-14 CVSSv2 Score: 3,5...

Matt Wright FormMail Multiple cross-site scripting (XSS) vulnerabilities (CVE-2009-1776; CVE-2009-1777)

FormMail is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal...

PhpWiki Multiple Vulnerabilities

PhpWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpwiki:phpwiki"; ifdescription...

Advantech WebAccess < 7.0-2011.12.20 Multiple Vulnerabilities

Binary data scadaadvantechwebaccess7020111220.nbin...

ManageEngine ServiceDesk Plus 9.1.0 < Build 9103 Multiple Vulnerabilities

The remote host is running ManageEngine ServiceDesk Plus version 9.1.0 prior to build 9103. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists due to improper validation of user-supplied input on the 'Login' page. A remote attacker can exploit...

MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459)

The remote Windows host is affected by an elevation of privilege vulnerability in the Universal Description, Discovery, and Integration UDDI Services component due to improper validation and sanitization of user-supplied input to the 'searchID' parameter of the 'explorer' frame in frames.aspx. A...

MS15-087: Vulnerability in UDDI Services Could Allow Elevation of Privilege (3082459) (uncredentialed check)

The remote Windows host is affected by an elevation of privilege vulnerability in the Universal Description, Discovery, and Integration UDDI Services component due to improper validation and sanitization of user-supplied input to the 'searchID' parameter of the 'explorer' frame in frames.aspx. A...