CVE-2017-12257
A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...
Drupal 'Commerce Invoices' Module SQL Injection and Cross Site Scripting Vulnerabilities
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Ctools (Chaos tool suite) is one of the API modules used to improve the development experience. SQL injection and cross-site scripting vulnerabilities exist in the Drupal 'Commerce...
Multiple cross-site scripting vulnerabilities in ScreenOS
Overview ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15836)
Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco. A cross-site scripting vulnerability exists in the Web Framework in Cisco Firepower Management Center 5.4.1 and prior versions, which arises from the program failing to...
Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"
Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability (CWE-79). Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
JVN#11326581: Empirical Project Monitor - eXtended vulnerable to cross-site scripting
Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a reflected cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Empirical Project Monitor - eXtended The...
CVE-2017-2140
Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...
CVE-2017-2140
CVE-2017-2140 affects Tablacus Explorer 17.3.30 and earlier. The root cause is improper handling of directory names, leading to a script injection vulnerability that allows arbitrary scripts to run in the context of the application. Impact stated: when a user accesses a crafted directory, an arbi...
CVE-2017-3125
CVE-2017-3125 describes an unauthenticated Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail. Affected versions: FortiMail 5.0.0–5.2.9 and 5.3.0–5.3.8. An attacker can trick a logged-in user into clicking a crafted URL, enabling execution of arbitrary scripts in the user’s browser in...
Unspecified Cross-Site Scripting Vulnerability in Trend Micro ServerProtect for Linux
Trend Micro ServerProtect for Linux is an enterprise-grade anti-virus program that runs on Linux. An unspecified cross-site scripting vulnerability exists in Trend Micro ServerProtect for Linux, which is caused by a failure to validate user-submitted data. The vulnerability can be exploited to...
CVE-2017-7248
A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03615)
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...
OneThird CMS vulnerable to cross-site scripting
Overview OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form. Note that this vulnerability is different from JVN49408248. Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication...
melbourne.com XSS vulnerability
Vulnerable URL:...
JVN#73083905: Multiple vulnerabilities in WBCE CMS
WBCE CMS provided by WBCE Team is an open-source Contents Management System (CMS). WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...
Fastspot BigTree bigtree-form-builder input validation vulnerability
Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL from the U.S. company Fastspot. bigtree-form-builder is a form builder used by administrators to build forms and collect front-end user input. Fastspot BigTree bigtree-form-builder A security...
Multiple cross-site scripting vulnerabilities in Webmin
Overview Webmin contains multiple cross-site scripting vulnerabilities (CWE-79) due to issues in outputting error messages into an HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01082)
Cisco Unified Communications Manager is a call processing component of a Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to validate user input. An attacker could use this vulnerability to execute arbitrary...
Olive Diary DX vulnerable to cross-site scripting
Overview Olive Diary DX provided by Olive Design contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing the page parameter. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Olive Diary DX Olive Diary DX is no longer being develop...