2049 matches found
JVN#63895206: Multiple vulnerabilities in Calsos CSDX and CSDJ series products
Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass CWE-284 - CVE-2018-0613 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H| Base Score: 8.8 CVSS v2|...
Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting
Overview Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the...
Chrome Extension "5000 trillion yen converter" Cross-Site Scripting Vulnerability
Google Chrome is an iOS-based web browser developed by Google USA. A cross-site scripting vulnerability exists in Chrome Extension "5000 trillion yen converter", which can be exploited by an attacker to execute arbitrary scripts on a user's web browser...
Cross site scripting
A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...
Unspecified Cross-Site Scripting Vulnerability in SAP SAPUI5
SAP SAPUI5 is a UI technology that provides everything you need to build enterprise-class Web applications. SAP SAPUI5 suffers from an unspecified cross-site scripting vulnerability that stems from the program not properly validating user-supplied input. A remote attacker could use this...
WordPress plugin "Site Reviews" vulnerable to cross-site scripting
Overview The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability CWE-79. Keita Uchida of TDU Cryptography Lab reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
JVN#16471686: WordPress plugin "Email Subscribers & Newsletters" vulnerable to cross-site scripting
The WordPress plugin "Email Subscribers & Newsletters" provided by Icegram contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provid...
Multiple Cross-Site Scripting Vulnerabilities in Joomla! Core
Joomla! is an open source content management system CMS. The system provides RSS feeds , site search and other features . Joomla! Core is a Joomla! core. Multiple cross-site scripting vulnerabilities exist in Joomla! Core versions prior to 3.8.8, which stem from the program failing to properly...
WebSocket Live Chat - Cross-Site Scripting
WebSocket Live Chat - Cross-Site Scripting Exploit Title: WebSocket Live Chat - Cross-Site Scripting Date: 2018-05-22 Exploit Author: Alireza Norkazemi Vendor Homepage: https://codecanyon.net/item/websocket-live-chat-instant-messaging-php/16545798?srank=1 POC : 1 Create your account and click...
WordPress Ultimate Member Plugin < 2.0.4 Multiple Vulnerabilities
The WordPress plugin Copyright C 2018 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...
CVE-2018-9111
Cross Site Scripting XSS exists on the Foxconn FEMTO AP-FC4064-T APGTB385.8.3lb15-W47 LTE Build 15 via the configuration of a user account. An attacker can execute arbitrary script on an unsuspecting user's browser...
RT-AC1200HP vulnerable to cross-site scripting
Overview RT-AC1200HP provided by ASUS Japan Inc. is a wireless LAN router. RT-AC1200HP contains a cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
JVN#61081552: WordPress plugin "PixelYourSite" vulnerable to cross-site scripting
The WordPress plugin "PixelYourSite" provided by Minimal Work SRL contains a reflected cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on a logged in user's web browser. Solution Update the plugin Update the plugin according to the information provided by the...
Cacti cross-site scripting vulnerability (CNVD-2018-08317)
Cacti is based on PHP, MySQL, SNMP and RRDTool developed a set of graphical analysis of network traffic monitoring tools . Cacti suffers from a cross-site scripting vulnerability, which is caused by failing to properly filter HTML code from user-supplied input before displaying it, and can be...
Safari vulnerable to script injection
Overview Safari provided by Apple Inc. contains a script injection vulnerability CWE-81 in the processing of displaying an error page when it fails to verify server certificates. In an error page Safari displays when it fails to verify server certificates, a domain name of the website accessed is...
Multiple Cross-Site Scripting Vulnerabilities in SAP BI Launchpad
SAP BI Launchpad is the gateway to BO4.0, BO4.0 SAP BusinessObjects a German company SAP SAP provides a wide range of business intelligence software, information management software, enterprise performance management solutions, regulatory, risk and compliance solutions. Multiple cross-site...
JVN#83834277: Multiple vulnerabilities in FS010W
FS010W provided by FUJI SOFT INCORPORATED is a WiFi router. FS010W contains multiple vulnerabilities listed below. Stored cross-site scripting CWE-79 - CVE-2018-0519 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N| Base Score: 4.3 CVSS v2|...
Cross site scripting
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input...
TYPO3 Recommend Page Extension Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the TYPO3 Recommend Page extension due to the program failing to properly filter user-supplied input. An attacker could use the...
Cisco Registered Envelope Service Cross-Site Scripting Vulnerability (CNVD-2017-34811)
Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in the web interface in Cisco...