7613 matches found
Cybozu Garoon vulnerable to cross-site scripting
Overview: Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...
WordPress Plugin CommentLuv - '_ajax_nonce' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57771/info The CommentLuv plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin CommentLuv - _ajax_nonce Cross-Site Scripting
WordPress Plugin CommentLuv - _ajax_nonce Cross-Site Scripting source: https://www.securityfocus.com/bid/57771/info The CommentLuv plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue...
WordPress Flashnews Theme - Multiple Input Validation Vulnerabilities
This Flashnews theme is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues to disclose sensitive information, execute arbitrary script code in the browser, cause denial-of-service conditions or steal cookie-based authentication credentials. Other attacks are also possible. Solution...
WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57848/info The Audio Player plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin Audio Player - playerID Cross-Site Scripting
WordPress Plugin Audio Player - playerID Cross-Site Scripting source: https://www.securityfocus.com/bid/57848/info The Audio Player plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue ...
[SECURITY] [DSA 2610-1] ganglia security update
Debian Security Advisory DSA-2610-1 [email protected] http://www.debian.org/security/ Yves-Alexis Perez January 21, 2013 http://www.debian.org/security/faq -...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web Shop plugin 2.4.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter in zing.inc.php or (2) notes parameter in fws/pages-front/onecheckout.php...
CVE-2012-6511
Multiple cross-site scripting (XSS) vulnerabilities in organizer/page/users.php in the Organizer plugin 1.2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) deleteid parameter or (2) extension parameter in an "Update Setting" action to wp-admin/admin.php...
WordPress Plugin WP-Table Reloaded - id Cross-Site Scripting
WordPress Plugin WP-Table Reloaded - id Cross-Site Scripting source: https://www.securityfocus.com/bid/57664/info The WP-Table Reloaded plugin for WordPress is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Chocolate Theme - Multiple Security Vulnerabilities
The Chocolate Theme is prone to multiple security vulnerabilities. These vulnerabilities allow an attacker to cause denial-of-service conditions, execute arbitrary script code in the browser of a user in the context of the affected site or upload arbitrary files. Other attacks are also possible...
gpEasy CMS - section Cross-Site Scripting
gpEasy CMS - section Cross-Site Scripting source: https://www.securityfocus.com/bid/57522/info gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Theme Chocolate WP - Multiple Vulnerabilities
WordPress Theme Chocolate WP - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/57541/info The Chocolate WP Theme for WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to cause denial-of-service conditions, upload arbitrary files to t...
WordPress Theme Chocolate WP - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/57541/info The Chocolate WP Theme for WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to cause denial-of-service conditions, upload arbitrary files to the affected computer, or execute arbitrary script code i...
myu-s / PHP WeblogSystem by netmania vulnerable to cross-site scripting
Overview: myu-s and PHP WeblogSystem by netmania contain a cross-site scripting vulnerability. myu-s and PHP WeblogSystem by netmania provided by FLUGELz contain a cross-site scripting vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software...
Debian DSA-2610-1 : ganglia - arbitrary script execution
Insufficient input sanitization in Ganglia, a web-based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
Debian Security Advisory DSA 2610-1 (ganglia - arbitrary script execution)
Insufficient input sanitization in Ganglia, a web based monitoring system, could lead to remote PHP script execution with permissions of the user running the web server. OpenVAS Vulnerability Test $Id: deb2610.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2610-1 using...
Cerberus FTP Server < 5.0.6.0 Multiple XSS
The version of Cerberus FTP server on the remote host is earlier than 5.0.6.0. As such, it is potentially affected by the following cross-site scripting vulnerabilities: - The user-supplied input for fields under the administration 'Messages' tab is not validated before being returned to the user....
tinybrowser - 'type' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
TinyBrowser - 'edit.php' Directory Listing
source: https://www.securityfocus.com/bid/57230/info TinyBrowser is prone to multiple vulnerabilities. An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...