WordPress Source Theme - Cross Site Scripting
This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the theme...
WordPress SimpleDark Theme <= 1.2.10 - XSS
This WordPress theme is prone to a cross-site scripting (XSS) vulnerability via the "s" parameter. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the theme...
WordPress Allure Real Estate Theme <= 0.1.1 - XSS
This WordPress theme is prone to a cross-site scripting (XSS) vulnerability in "ZeroClipboard.swf". It allows remote attackers to inject arbitrary script or HTML. Solution: Update the theme...
WordPress Upscale Theme - XSS
This WordPress theme is prone to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary script or HTML. Solution: Update the theme...
JVN#85748534: PerlMailer vulnerable to cross-site scripting
PerlMailer from Homepage Decorator is a mail form CGI which is used to send mail from a form on a web page. PerlMailer CGI scripts contain a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Apply the latest upda...
CMSimple 4.4.4 - 'color' Remote Code Execution
source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...
CMSimple - Default Administrator Credentials
source: https://www.securityfocus.com/bid/68961/info CMSimple is prone to multiple security vulnerabilities including: 1. Multiple arbitrary PHP code-execution vulnerabilities 2. A weak authentication security-bypass vulnerability 3. Multiple security vulnerabilities An attacker can exploit these...
CVE-2014-4955
Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList function in libraries/rte/rte_list.lib.php in phpMyAdmin 4.0.x before 4.0.10.1, 4.1.x before 4.1.14.2, and 4.2.x before 4.2.6 allows remote authenticated users to inject arbitrary web script or HTML via a crafted trigger name that i...
Cybozu Garoon vulnerable to cross-site scripting
Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of a user that is logged on. Solution...
WeBid - Multiple Cross-Site Scripting LDAP Injection Vulnerabilities
source: https://www.securityfocus.com/bid/68519/info WeBid is prone to multiple cross-site-scripting vulnerabilities and an LDAP injection vulnerability. An attacker may leverage these issues to compromise the application, acces...
ownCloud Multiple Vulnerabilities-04 (Jul 2014)
ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; if description...
CVE-2014-4591
Cross-site scripting (XSS) vulnerability in picasaupload.php in the WP-Picasa-Image plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the postid parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in pages/3DComplete.php in the WooCommerce SagePay Direct Payment Gateway plugin before 0.1.6.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) MD or (2) PARes parameter...
CVE-2014-4565
Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in the Verification Code for Comments plugin 2.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) vp, (2) vs, (3) l, (4) vu, or (5) vm parameter...
CVE-2014-4687
pfSense is affected by CVE-2014-4687: multiple XSS vulnerabilities in pfSense before 2.1.4. Exploitable via five vectors: (1) starttime0 parameter in firewall_schedule.php, (2) rssfeed parameter in rss.widget.php, (3) servicestatusfilter parameter in services_status.widget.php, (4) txtRecallBuffe...
Toms Gästebuch 1.00 form.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25507/info Toms Gästebuch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
AIOCP 1.3.x cp_forum_view.php choosed_language Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20931/info All In One Control Panel (AIOCP) is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal...
Pre ASP Job Board 'emp_login.asp' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32572/info Pre ASP Job Board is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the brows...
Mobilelib Gold Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/21817/info Mobilelib GOLD is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script co...
Clickbank Portal 'search.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/31438/info Clickbank Portal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browse...