7613 matches found
Fumy News Clipper vulnerable to cross-site scripting
Overview Fumy News Clipper provided by Nishishi Factory contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the...
WordPress Plugin Geo Mashup Cross-Site Scripting Vulnerability
WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Geo Mashup, as it fails to properly filter user-supplied...
CVE-2015-1422
Multiple cross-site scripting XSS vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 horder, 2 jakcatid, 3 jakcontent, 4 jakcss, 5 jakdeletelog, 6 jakemail, 7 jakextfile, 8 jakfile, 9 jakhookshow, 10 jakimg, 11 jakjavascript, 12...
Multiple Cross-Site Scripting Vulnerabilities in IBM Dojo Toolkit
IBM Dojo Toolkit is IBM sponsored with the javascript language implementation of open source DHTML toolkit . IBM Dojo Toolkit has multiple cross-site scripting vulnerabilities that could allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
QPR Portal HTML Injection Vulnerability
QPR Software Suite is a suite of business management and performance management products from the Finnish company QPR Software.QPR Portal is one of the portal products that provides features such as full-screen mode to introduce integrated navigation options, copy schematic location links and ope...
MediaWiki Hovercards Extension < 1.24 XSS Vulnerability (Jan 2015) - Active Check
The Hovercards extension for MediaWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CP...
MediaWiki TemplateSandbox Extension < 1.24 XSS Vulnerability (Jan 2015) - Active Check
The TemplateSandbox extension for MediaWiki is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...
Exponent CMS 'index.php' Cross-Site Scripting Vulnerability
Exponent CMS is open source content management system. A cross-site scripting vulnerability exists in Exponent CMS 'index.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary script code in an unsuspecting user's...
CVE-2015-1204
Cross-site scripting XSS vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fsresource parameter in the wp-slim-view-2 page to wp-admin/admin.php...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Video Module
Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Video module because it fails to properly filter user-supplied input. An attacker could potentially exploit these vulnerabilities to execute arbitrary...
Multiple Cross-Site Scripting Vulnerabilities in Drupal Room Reservations Module
Drupal is a free and open source content management system developed in PHP. Multiple cross-site scripting vulnerabilities exist in the Drupal Room Reservations module because it fails to properly filter user-supplied input. An attacker could use these vulnerabilities to execute arbitrary script...
Django 'django.util.http.is_safe_url()' cross-site scripting vulnerability
Django is an open source web application framework written in Python . A cross-site scripting vulnerability exists in Django 'django.util.http.issafeurl' because it fails to properly filter user-supplied input. An attacker could exploit this issue to execute arbitrary script code in the browser o...
Cross site scripting
Cross-site scripting XSS vulnerability in the Pods plugin before 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action in the pods page to wp-admin/admin.php...
Fork CMS 'loadForm()' Function Cross-Site Scripting Vulnerability
Fork CMS is a CMS system developed in PHP. A cross-site scripting vulnerability exists in the Fork CMS 'loadForm' function due to the program failing to properly filter user-supplied input. An attacker could use this vulnerability to execute arbitrary script code or steal cookie-based...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in question.php in the mTouch Quiz before 3.0.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the quiz parameter to wp-admin/edit.php...
CVE-2014-100006
Multiple cross-site scripting XSS vulnerabilities in modulesv3/googlemap/wtv3streetview.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the 1 map, 2 streetview, or 3 reset parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, or 3 subject parameter in a contact action to index.php...
WordPress Photocrati Theme - Cross Site Scripting
Because of this vulnerability in photocrati-gallery/ecomm-sizes.php, the attackers can inject arbitrary web script or HTML via the "prodid" parameter. Solution Update the theme...
Drupal Field Display Label Module Cross-Site Scripting Vulnerability
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Field Display Label module because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...