2049 matches found
Vulnerabilities fixed in Xerox WorkCentre
Xerox has fixed several vulnerabilities in WorkCentre. A malicious party could exploit the vulnerabilities to cause a Denial-of-Service or to perform a Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application is...
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...
GHSA-WPWW-4JF4-4HX8 Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: Edit feed settings, Edit widget area, Sub site new registration, New category registration Tested baserCMS Version :...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the web-based...
Cisco Adaptive Security Appliance Cross-Site Scripting Vulnerability (CNVD-2021-44674)
Cisco Adaptive Security Appliance is a set of firewalls and network security platforms from the U.S. company Cisco Cisco. The platform provides highly secure access to data and network resources and other features. A cross-site scripting vulnerability exists in the Cisco Adaptive Security...
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...
GHSA-FW5Q-J9P4-3VXG Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
baserCMS 4.4.0 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Components are: Blog comment posting Tested baserCMS Version : 4.4.0 Latest Affected baserCMS Version : 4.0.0 4.4.0 Patches : https://basercms.net/security/20201029 Found by yama...
WordPress Plugin Colorbox Lightbox Cross-Site Scripting Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. A cross-site scripting vulnerability exists in the WordPress plugin Colorbox Lightbox. An...
CVE-2020-3589 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting XSS attack against a user of the interface. The vulnerability exists because the...
BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-49572)
BaserCMS is an open source enterprise-level content management system cms. BaserCMS 4.3.6 and earlier versions of contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree. A cross-site scripting vulnerability exists in the js component. An...
GHSA-CPXC-67RC-C775 Cross Site Scripting in baserCMS
baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...
Multiple cross-site scripting vulnerabilities in Exment
Overview Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Stored cross-site scripting vulnerability in upload files CWE-79 - CVE-2020-5620 Ryoya Koyama of...
JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment
Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...
VulnCheck KEV: CVE-2017-7391
A Cross-Site Scripting XSS was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data prefix passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...
CVE-2018-21055
An issue was discovered on Samsung mobile devices with N7.0 Qualcomm models using MSM8996 chipsets software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 September 2018...
CVE-2019-6034
a-blog cms versions prior to Ver.2.10.23 Ver.2.10.x, Ver.2.9.26 Ver.2.9.x, and Ver.2.8.64 Ver.2.8.x allows arbitrary scripts to be executed in the context of the application due to unspecified vectors...
JVN#10377257: Multiple vulnerabilities in a-blog cms
a-blog cms provided by appleple inc. contains multiple vulnerabilities listed below. Reflected cross-site scripting CWE-79 - CVE-2019-6033 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3...
JVN#26847507: Multiple vulnerabilities in "Custom Body Class"
WordPress Plugin "Custom Body Class" provided by Andrei Lupu contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2019-6029 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:H/Au:N/C:N/I:P/A:N|...
Kinza Cross-Site Scripting Vulnerability
KINZA is a web browser. A cross-site scripting vulnerability exists in KINZA version 5.9.2 and earlier on Windows platforms and version 5.0.0 and earlier on Mac platforms. An attacker can exploit this vulnerability to execute arbitrary script on a user's web browser...
Zyxel NBG-418N v2 Modem Cross-Site Request Forgery Vulnerability
The Zyxel NBG-418N is a broadband router. The Zyxel NBG-418N v2 Modem suffers from a cross-site request forgery vulnerability that can be exploited by an attacker to execute arbitrary script code in the context of an affected site to steal cookie-based authentication credentials or perform...