2049 matches found
Drupal Trick Question module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Trick Question is one of the CAPTCHA type spam defense modules. A cross-site scripting vulnerability exists in the Drupal Trick Question module. The vulnerability is due to the program...
Multiple Cross-Site Scripting Vulnerabilities in PHP Address Book
PHP Address Book is a simple Web-based address book , contact management application developed in PHP . PHP Address Book suffers from multiple cross-site scripting vulnerabilities that could be exploited by an attacker to execute arbitrary web script or HTML in the context of an affected site...
Loxone Smart Home HTML Injection Vulnerability
Loxone Smart Home is a WEB-based application. Loxone Smart Home suffers from an HTML injection vulnerability that could be exploited by an attacker to execute arbitrary HTML script and code in the context of the affected application...
Maroyaka Image Album vulnerable to cross-site scripting
Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Maroyaka Simple Board vulnerable to cross-site scripting
Overview Maroyaka Simple Board provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Simple Board contains a persistent cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
Fortinet FortiAuthenticator Appliance Cross-Site Scripting Vulnerability Vulnerability
Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. The Fortinet FortiAuthenticator Applian...
Fumy News Clipper vulnerable to cross-site scripting
Overview Fumy News Clipper provided by Nishishi Factory contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...
Exponent CMS 'index.php' Cross-Site Scripting Vulnerability
Exponent CMS is open source content management system. A cross-site scripting vulnerability exists in Exponent CMS 'index.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary script code in an unsuspecting user's...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Video Module
Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Video module because it fails to properly filter user-supplied input. An attacker could potentially exploit these vulnerabilities to execute arbitrary...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Room Reservations Module
Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Room Reservations module because it fails to properly filter user-supplied input. An attacker could use these vulnerabilities to execute arbitrary script...
Fork CMS 'loadForm()' Function Cross-Site Scripting Vulnerability
Fork CMS is a CMS system developed in PHP. A cross-site scripting vulnerability exists in the Fork CMS 'loadForm' function due to the program failing to properly filter user-supplied input. An attacker could use this vulnerability to execute arbitrary script code or steal cookie-based...
Drupal Field Display Label Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Field Display Label module because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...
Multiple Cross-Site Scripting Vulnerabilities in Zurmo CRM
Zurmo CRM is the United States Zurmo company's set of open source PHP-based customer relationship management system CRM. Multiple cross-site scripting vulnerabilities exist in Zurmo CRM because it fails to properly filter user-supplied input. An attacker could potentially exploit these...
WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting CWE-79. Note that this vulnerability i...
i-HTTPD vulnerable to cross-site scripting
Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to a cross-site scripting CWE-79. Note that this vulnerability is different from JVN87910097. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinat...
LittleSite 0.1 Local File Include Vulnerability
Exploit for php platform in category web applications source: http://www.securityfocus.com/bid/43495/info LittleSite is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...
Help Page in multiple Adobe products vulnerable to cross-site scripting
Overview The Help page provided in multiple Adobe products contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be...
Piwigo vulnerable to cross-site scripting
Overview Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
JVN#85748534: PerlMailer vulnerable to cross-site scripting
PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Apply the latest upda...
Ashwebstudio Ashnews 0.83 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16426/info Ashnews is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...