WordPress Page Builder Plugin <= 2.0.3 - Reflected XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
CVE-2014-8028
Cisco Secure ACS (Access Control Server) is affected by multiple cross-site scripting (XSS) vulnerabilities in its web framework. The issue stems from insufficient input validation of several parameters passed to the web server, allowing remote attackers to craft links that persuade users to exec...
Multiple Cross-Site Scripting Vulnerabilities in Zurmo CRM
Zurmo CRM is an open source, PHP-based customer relationship management (CRM) system from the United States company Zurmo. Multiple cross-site scripting vulnerabilities exist in Zurmo CRM because it fails to properly filter user-supplied input. An attacker could potentially exploit these...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtrips parameter, aka SAP Security Note 2051285...
Multiple Cross-Site Scripting Vulnerabilities in amCharts Flash
amCharts is a company dedicated to the development of charting components, located in Vilnius, the capital of Lithuania, which started launching charting and mapping components in 2004. Multiple cross-site scripting vulnerabilities exist in amCharts Flash, allowing remote attackers to inject...
CVE-2014-9439
Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) datafile or (2) settingsfile parameter to ammap.swf, or (3) the datafile parameter to amtimeline.swf...
CVE-2014-6132
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Service Registry and Repository (WSRR) 6.3 through 6.3.0.5, 7.0.x through 7.0.0.5, 7.5.x through 7.5.0.4, 8.0.x before 8.0.0.3, and 8.5.x before 8.5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via...
WBS Gantt-Chart for JIRA vulnerable to cross-site scripting
Overview: WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS (Work Breakdown Structure) and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting (CWE-79). Note that this vulnerability i...
WordPress gSlideShow 0.1 CSRF / XSS
Title: CSRF / Stored XSS Vulnerability in gSlideShow WordPress Plugin Author: Manideep K CVE-ID: CVE 2014-9391 Plugin Homepage: https://wordpress.org/plugins/gslideshow/ Version Affected: 0.1 (probably lower versions) Severity: High Description: Vulnerable Parameter: 1 id:rssid , name:rss 2...
WordPress Twitter LiveBlog 1.1.2 CSRF / XSS
Title: CSRF / Stored XSS Vulnerability in Twitter LiveBlog WordPress Plugin Author: Manideep K CVE-ID: CVE-2014-9398 Plugin Homepage: https://wordpress.org/plugins/twitter-liveblog/ Version Affected: 1.1.2 (probably lower versions) Severity: High Description: Vulnerable Parameter:...
IceHrm < 7.2 Multiple Vulnerabilities - Active Check
IceHrm is prone to multiple vulnerabilities.
WordPress yURL ReTwitt WP 1.4 CSRF / XSS
Title: CSRF/XSS Vulnerability in yURL ReTwitt WP Plugin Author: Manideep K CVE-ID: CVE-2014-9341 Plugin Homepage: https://wordpress.org/plugins/yurl-retwitt/ Version Affected: 1.4 (probably lower versions) Severity: High About Plugin: This plugin will allow your readers to publish a RT (Re-Twitt) on...
VMware vCenter Server Appliance Unspecified XSS (VMSA-2014-0012)
The version of VMware vCenter Server Appliance installed on the remote host is 5.1 prior to Update 3. It is, therefore, affected by an unspecified cross-site scripting vulnerability. A remote attacker can exploit this by means of a specially crafted URL or malicious web page, which can result in...
i-HTTPD vulnerable to cross-site scripting
Overview: i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to cross-site scripting (CWE-79). Note that this vulnerability is different from JVN87910097. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinat...
WordPress PWG Random Plugin <= 1.11 - Multiple Vulnerabilities
This plugin is prone to cross-site scripting and cross-site request forgery attacks. Attackers can insert arbitrary script into the admin page. Once exploited, the admin's browser can be made to do almost anything the admin user could typically do by hijacking the admin's cookies. Parameters...
JVN#98097877: "Omake BBS" of i-HTTPD vulnerable to cross-site scripting
i-HTTPD is a web server for Windows. i-HTTPD contains "Omake BBS". "Omake BBS" contains a flaw in processing input character strings, which may result in a stored cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the user's web browser. Solution: Do not use...
Microsoft Internet Explorer XSS Filter CVE-2014-6328 Security Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script...
CVE-2014-8600
Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the (1) zip, (2) trash, (3) tar, (4) thumbnail, (5) smtps, (6) smtp, (7) smb...
Splunk Enterprise 5.0.x < 5.0.10 / 6.1.x < 6.1.4 Multiple Vulnerabilities
According to its version number, the Splunk Enterprise hosted on the remote web server is 5.0.x prior to 5.0.10 or 6.1.x prior to 6.1.4. It is, therefore, affected by the following vulnerabilities: - The included OpenSSL library contains a TLS downgrade weakness. By using fragmented ClientHello...