7613 matches found
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Ren Hirasawa of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Daiki Ishimori of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
JVN#07192063: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN98665228. Impact An arbitrary script may be executed on the user's web browser. Solution Apply the update ...
Arbitrary Script Injection
Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast pat...
Arbitrary Script Injection
Overview Affected versions of this package are vulnerable to Arbitrary Script Injection due to improper sanitization of the $event object passed to the native constructor functions. That isn't protected by the fast paths in $parse. Remediation Upgrade angularjs to version 1.1.5 or higher...
Cross site scripting
Cross-site scripting XSS vulnerability in the phptemplatepreprocessnode function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name...
Novell ZENworks Mobile Management Local File Include Vulnerability
Novell ZENworks Mobile Management is prone to a local file include vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
WordPress Theme Ambience - src Cross-Site Scripting
WordPress Theme Ambience - src Cross-Site Scripting source: https://www.securityfocus.com/bid/60458/info The Ambience theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Telaen 2.7.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/60288/info Telaen is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Elastix - Multiple Cross-Site Scripting Vulnerabilities
Elastix - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/60262/info Elastix is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code i...
WordPress ADIF Log Search Widget Plugin - Cross Site Scripting
WordPressADIF Log Search Widget plugin's "logbooksearch.php" is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker c...
Matterdaddy Market - Multiple Vulnerabilities
Matterdaddy Market - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/60150/info Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary...
Matterdaddy Market - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/60150/info Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with th...
Show In Browser Gem for Ruby /tmp/browser.html Arbitrary Script Injection
Show In Browser Gem for Ruby contains a flaw that is triggered when the application does not validate input passed via the /tmp/browser.html file. This may allow a local attacker to create a specially crafted request that would execute arbitrary script code in a user's browser...
Jojo CMS - 'search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/59933/info Jojo CMS is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...
Open Flash Chart - 'get-data' Cross-Site Scripting
source: https://www.securityfocus.com/bid/59928/info Open Flash Chart is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/59816/info The Securimage-WP plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CVE-2013-3526
Cross-site scripting XSS vulnerability in js/taloaded.js.php in the Traffic Analyzer plugin, possibly 3.3.2 and earlier, for WordPress allows remote attackers to inject arbitrary web script or HTML via the aoid parameter...
Securimage - 'example_form.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/59796/info Securimage is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal...