BSA-2018-525

Security Advisory ID : BSA-2018-525 Component : Fabric OS Web GUI Revision : 1.0: Initial XSS vulnerabilities in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow remote unauthenticated attackers to execute arbitrary script code in...

PHP 7.0.x < 7.0.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

PHP 5.6.x < 5.6.33 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - A potential infinite loop in gdImageCreateFromGifCtx. CVE-2018-5711 - A reflected XSS in .phar 404 page exists due to improper validati...

CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

WordPress WebConnex Form Management 1.6.3 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable WebConnex Form Management 1.6.3 WebConnex Form Management is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...

WordPress Share This Image 1.03 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Share This Image 1.03 Share This Image is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

WordPress Yakadanda Google+ Hangout Events 0.3.7 XSS Vulnerability

WordPress Yakadanda Google+ Hangout Events plugin version 0.3.7 suffers from a cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable Yakadanda Google+ Hangout Events 0.3.7 Yakadanda Google+ Hangout Events is prone to a stored cross-site scripting vulnerability because it fails to...

WordPress Itinerary 1.0.0 Cross Site Scripting

Class Input Validation Error Remote Yes Credit Ricardo Sanchez Vulnerable Itinerary 1.0.0 Itinerary is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

WordPress Pinterest Badge 1.8.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Pinterest Badge 1.8.0 Pinterest Badge is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

WordPress Z-URL Preview 1.6.1 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Vulnerable Z-URL Preview 1.6.1 Z-URL Preview is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

CVE-2017-12366

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

Cross site scripting

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface. The vulnerability is due to insufficient...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is du...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Jabber Clients Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is du...

Cross site scripting

Huawei Email APP Vicky-AL00 smartphones with software of earlier than VKY-AL00C00B171 versions has a stored cross-site scripting vulnerability. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to access this email...