2049 matches found
JVN#32155106: Multiple vulnerabilities in i-FILTER
i-FILTER provided by Digital Arts Inc. contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2018-16180 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2| AV:N/AC:M/Au:N/C:N/I:P/A:N| Base Score: 4.3 HTTP...
WordPress Plugin Event Calendar WD Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Event Calendar WD, which could allow an attacker to execu...
Security update for libgit2 (moderate)
This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...
SUSE-SU-2018:3440-1 Security update for libgit2
This update for libgit2 fixes the following issues: - CVE-2018-8099: Fixed possible denial of service attack via different vectors by not being able to differentiate between these status codes bsc1085256. - CVE-2018-11235: With a crafted .gitmodules file, a malicious project can execute an...
Cisco Wireless LAN Controller Software Cross-Site Scripting Vulnerability
Cisco Wireless LAN Controller WLC is a wireless LAN controller product from Cisco USA. The product provides security policy, intrusion detection and other functions in the wireless LAN. A cross-site scripting vulnerability exists in Cisco Wireless LAN Controller Software due to a web-based...
Wordpress plugin Wordfence 503.php page cross-site scripting vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Wordpress plugin Wordfence 503.php page, which can be exploited by an...
CVE-2018-0675
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors...
CVE-2018-0675
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors...
CVE-2018-0674
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors...
Design/Logic Flaw
AttacheCase ver.3.3.0.0 and earlier allows an arbitrary script execution via unspecified vectors...
Design/Logic Flaw
AttacheCase ver.2.8.4.0 and earlier allows an arbitrary script execution via unspecified vectors...
CVE-2018-0675
CVE-2018-0675 affects AttacheCase up to version 3.3.0.0 (and earlier). The vulnerability allows arbitrary script execution via crafted settings, specifically when a malicious ATCCase.ini is placed in the same folder as the ATC file and the file is decrypted. The root cause is tied to handling of ...
CVE-2018-0674
CVE-2018-0674 affects AttacheCase, a file‑encryption tool by HiBARA Software. Vulnerability: when a specially crafted AtcCase.ini is in the same folder as the ATC file, decryption can trigger execution of an arbitrary script, enabling a remote unauthenticated attacker to run code. Affected: Attac...
JVN#02037158: AttacheCase vulnerable to arbitrary script execution
AttacheCase is an open source file encryption software provided by HiBARA Software. If a setting file AtcCase.ini is specially crafted and it resides in the same folder where ATC file resides, it is leveraged to execute an arbitrary script when ATC file is decrypted. Impact A remote unauthenticat...
Movable Type vulnerable to cross-site scripting
Overview Movable Type provided by Six Apart, Ltd. is a content management system. Movable Type contains a cross-site scripting vulnerability CWE-79. ASAI Ken reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
JVN#18716340: Multiple cross-site scripting vulnerabilities in GROWI
GROWI provided by WESEEK, Inc. contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in the UserGroup Management section of admin page CWE-79 - CVE-2018-0652 Version| Vector| Score ---|---|--- CVSS v3|...
WordPress Strong Testimonials Plugin Has Multiple Cross-Site Scripting Vulnerabilities
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress Strong Testimonials plugin, which can be exploited by an...
WordPress Gwolle Guestbook plugin cross-site scripting vulnerability (CNVD-2018-13972)
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Gwolle Guestbook plugin, which can be exploited by an attacker t...
WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting
Overview The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability (CNVD-2018-13760)
Cisco Web Security Appliance WSA is a set of Web security appliances from Cisco USA. The appliance provides SaaS-based access control, real-time network reporting and tracking, and the development of security policies. A cross-site scripting vulnerability exists in the web-based management...