7613 matches found
Drupal Trick Question module cross-site scripting vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Trick Question is one of the CAPTCHA type spam defense modules. A cross-site scripting vulnerability exists in the Drupal Trick Question module. The vulnerability is due to the program...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Ultimate PHP Board aka myUPB before 2.2.8 allow remote attackers to inject arbitrary web script or HTML via the 1 q parameter to search.php or 2 avatar parameter to profile.php...
Multiple Cross-Site Scripting Vulnerabilities in PHP Address Book
PHP Address Book is a simple Web-based address book , contact management application developed in PHP . PHP Address Book suffers from multiple cross-site scripting vulnerabilities that could be exploited by an attacker to execute arbitrary web script or HTML in the context of an affected site...
Loxone Smart Home HTML Injection Vulnerability
Loxone Smart Home is a WEB-based application. Loxone Smart Home suffers from an HTML injection vulnerability that could be exploited by an attacker to execute arbitrary HTML script and code in the context of the affected application...
WordPress Ninja Forms Plugin <= 2.8.8 - Multiple XSS
Because of these vulnerabilities, the attackers can inject arbitrary web script or HTML via the "ninjaformsfield1" parameter in a ninjaformsajaxsubmit action to wp-admin/admin-ajax.php. Also, multiple cross site scripting vulnerabilities allow the administrators to inject arbitrary web script or...
Maroyaka Image Album vulnerable to cross-site scripting
Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Maroyaka Simple Board vulnerable to cross-site scripting
Overview Maroyaka Simple Board provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Simple Board contains a persistent cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to a lack of input sanitization of the Cisco Unified Web...
Adminsystems CMS Multiple Vulnerabilities
Adminsystems CMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
InstantASP InstantForum.NET Multiple Cross-Site Scripting Vulnerabilities
InstantASP InstantForum.NET is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2015-2069
Cross-site scripting XSS vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING in the wc-reports page to wp-admin/admin.php...
CVE-2014-9468
InstantASP InstantForum.NET has multiple XSS vulnerabilities (CVE-2014-9468) affecting versions 4.1.3, 4.1.2, 4.1.1, 4.0.0, 4.1.0 and 3.4.0. The issue is a reflected cross-site scripting vulnerability: attacker-supplied input in the SessionID parameter is echoed in Join.aspx or Logon.aspx, enabli...
u5CMS Cross-Site Scripting Vulnerability
u5CMS is a content management system CMS based on PHP, MySQL and Apache for medium-sized websites, conferences, audit processes, PayPal payments and online surveys. The system supports WYSIWYG editor, creating survey forms and data storage. A cross-site scripting vulnerability exists in u5CMS. Th...
Drupal Ajax Timeline Module Cross-Site Scripting Vulnerability
Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Ajax Timeline module due to the program failing to properly filter user-supplied input. An attacker could use thi...
Fortinet FortiGate XSS Vulnerability (FG-IR-14-003)
FortiOS as used in FortiGate is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Fortinet FortiWeb Multiple XSS Vulnerabilities (FG-IR-14-012)
Fortinet FortiWeb is prone to multiple reflective cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE...
Fortinet FortiAnalyzer Multiple XSS Vulnerabilities (FG-IR-14-033)
Fortinet FortiAnalyzer is prone to multiple cross-site- scripting XSS vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective rig...
DotNetNuke Cross-Site Scripting Vulnerability (CNVD-2015-01010)
DotNetNuke DNN is a set of U.S. DNN company supported by Microsoft , based on the ASP.NET platform for open source content management system CMS. The system is easy to install , scalable , feature-rich and so on. DotNetNuke DNN suffers from a cross-site scripting vulnerability. A remote attacker...
Novell eDirectory iMonitor Multiple Vulnerabilities (Feb 2015)
Novell eDirectory is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netiq:edirectory";...
Fortinet FortiAuthenticator Appliance Cross-Site Scripting Vulnerability Vulnerability
Fortinet FortiAuthenticator is a family of secure authentication software from Fortinet that can be combined with FortiToken two-factor authentication token to provide secure two-factor authentication to third-party devices authenticated via RADIUS or LDAP. The Fortinet FortiAuthenticator Applian...