SAP HANA Cockpit Cross-Site Scripting Vulnerability
SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions that let users directly query and analyze large amounts of real-time business data. A cross-site scripting vulnerability exists in SAP HANA. As the program fails to properly filter...
Cisco AsyncOS Software for Email Security Appliances Cross-Site Scripting Vulnerability
Cisco AsyncOS Software for Email Security Appliances (ESA) is a set of operating systems used in the Email Security Appliances (ESA) from Cisco (USA). A cross-site scripting vulnerability exists in Cisco AsyncOS Software for ESA that stems from a failure to adequately filter user-submitted input. An attack...
Unspecified Security Bypass Vulnerability in Drupal JavaScript Callback Handler
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. JavaScript Callback Handler is an efficient Ajax callback module. An unspecified security bypass vulnerability exists in the Drupal JavaScript Callback Handler module. A...
WNC01WH vulnerable to stored cross-site scripting
Overview: WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CG-WLR300NX vulnerable to cross-site scripting
Overview: CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Multiple IBM Rational Products Cross-Site Scripting Vulnerabilities
IBM Rational Team Concert and Rational Collaborative Lifecycle Management are collaborative lifecycle management solutions from IBM (USA). IBM Rational DOORS Next Generation (RDNG) is a requirements management solution from IBM (USA). IBM Rational Engineering Lifecycle Manager is a suite of engineering...
Magento CMS Flash File Upload Cross-Site Scripting Vulnerability
Magento CMS is an open source PHP e-commerce content management system (CMS) from the United States company Magento. The system provides rights management, search engine, payment gateway and other functions. An upload cross-site scripting vulnerability exists in Magento CMS Flash files, which c...
"Schedule" function in Cybozu Office vulnerable to cross-site scripting
Overview: Cybozu Office provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...
BaserCMS cross-site scripting vulnerability (CNVD-2016-08858)
baserCMS is an enterprise-level content management system (CMS). A cross-site scripting vulnerability exists in baserCMS 3.0.10 and prior versions, which stems from the program failing to adequately filter user-submitted input. The vulnerability allows an attacker to steal cookie-based authenticati...
JVN#92765814: Multiple vulnerabilities in baserCMS
baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugins "Blog", "Mail", "Feed", and "Uploader" contain the following vulnerabilities. Cross-site request forgery (CWE-352) - CVE-2016-4879, CVE-2016-4881, CVE-2016-4884, CVE-2016-4885,...
Drupal Core Cross-Site Scripting Vulnerability (CNVD-2016-08263)
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in Drupal Core that allows an attacker to steal cookie-based authentication credentials, obtain sensitive information, and execute arbitrary script code in the context of the...
Splunk Enterprise and Splunk Light vulnerable to cross-site scripting
Overview: Splunk Enterprise and Splunk Light contain a cross-site scripting vulnerability (CWE-79). Note that this vulnerability is different from JVN71462075. Noriaki Iwasaki of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
TYPO3 'mso/idna-convert' Library Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3 'mso/idna-convert'. Because the program fails to filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary...
TYPO3 'data:' URL Scheme Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in TYPO3. Because the program fails to properly filter user-supplied input, an attacker may be able to exploit the vulnerability to execute arbitrary...
WordPress plugin Border Loading Bar cross-site scripting vulnerability (CNVD-2016-07112)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin Border Loading Bar allows attackers to exploit t...
WordPress plugin Border Loading Bar cross-site scripting vulnerability (CNVD-2016-07111)
WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress plugin Border Loading Bar allows attackers to exploit t...
ownCloud Desktop Client Local Command Injection Vulnerability
The ownCloud Desktop Client is a desktop client for connecting to ownCloud servers. The ownCloud Desktop Client local command injection vulnerability allows an attacker to execute arbitrary script code in the context of an affected application...
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2016-06713)
Cybozu Garoon is a portal-type OA office system from Cybozu (Japan). The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages: Chinese, Japanese, and English. A cross-site scripting vulnerability exists in...
simple chat vulnerable to cross-site scripting
Overview: simple chat provided by Let's PHP! contains a cross-site scripting vulnerability (CWE-79). Yuji Tounai of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary...
ClipBucket cross-site scripting vulnerability (CNVD-2016-06481)
ClipBucket is an open source video sharing software developed by Arslan team. The software allows you to share videos to video sites and supports the lights off effect when watching a movie. ClipBucket suffers from a cross-site scripting vulnerability. Because the program fails to properly filter...