2049 matches found
Geeklog IVYWE edition contains a cross-site scripting vulnerability
Overview Geeklog is an open source content management system CMS. Geeklog IVYWE edition contains a cross-site scripting CWE-79 vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
ClipBucket vulnerable to cross-site scripting
Overview Clipbucket is open source video sharing script. ClipBucket contains a cross-site scripting CWE-79 vulnerability. Yoshinori Matsumoto of Kobe Digital Labo, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnershi...
Foreman HTML Injection Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman, which arises from the program's failure to adequately...
Multiple Vulnerabilities in Cube Digital Media Neoscreen
The Cube Digital Media Neoscreen is a smart display from the French company Cube Digital Media. A security vulnerability exists in Cube Digital Media Neoscreen version 4.5. An attacker can exploit this vulnerability to execute arbitrary script code in the context of an affected site, steal...
Huawei ISM Professional Cross-Site Scripting Vulnerability
Huawei ISM is a suite of device management software, cloud storage management software, and network storage management software from Huawei, China.Huawei ISM Professional is the professional version of Huawei ISM. A cross-site scripting vulnerability exists in Huawei ISM Professional that...
Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-04309)
phpmyadmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in phpmyadmin versions 4.4.x and 4.6.x in the user permissions page and the user group function, which can be exploited by an attacker to execute arbitrary scripts across sites...
ZeewaysCMS Multiple Vulnerabilities
ZeewaysCMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zeewayscms:zeeway"; ifdescriptio...
Trend Micro Internet Security vulnerable to arbitrary script execution
Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability that may allow arbitrary script execution. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro...
JVN#48789425: Trend Micro Internet Security multiple vulnerabilities
Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...
WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting
Overview The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Kenta Yamamoto of Cryptography Laboratory,Department of Information and Communication Engineering, Graduate School of Tokyo Denki University reported this vulnerability to IPA...
HumHub vulnerable to cross-site scripting
Overview HumHub is a software framework for developing a social networking service SNS. HumHub contains a cross-site scripting vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...
a-blog cms vulnerable to cross-site scripting
Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...
WN-G300R Series vulnerable to cross-site scripting
Overview WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure...
baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting
Overview baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
Disc Organization System (DORG) Multiple Vulnerabilities
Disc Organization System DORG is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dorg:dorg";...
Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting
Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...
Vine MV vulnerable to cross-site scripting
Overview Vine MV contains a cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's web browser. Solution Updat...
HOME SPOT CUBE vulnerable to cross-site scripting
Overview HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site scripting vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
OcProducts OcPortal 'FIELD_NAME' Parameter Cross-Site Scripting Vulnerability
OcProducts ocPortal is an open source PHP and MySQL based Content Management System CMS from OcProducts. A cross-site scripting vulnerability exists in OcProducts OcPortal. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch...
Void vulnerable to cross-site scripting
Overview Void is an open source content management system CMS. Void contains a cross-site scripting vulnerability CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA under Information Security Early Warning Partnership. Impact An arbitrary script may be...