1345 matches found
[SECURITY] [DLA 255-1] cacti security update
Package: cacti. Version: 0.8.7g-1+squeeze6. CVE ID: CVE-2015-2665 CVE-2015-4342 CVE-2015-4454. Several vulnerabilities (cross-site scripting and SQL injection) have been discovered in Cacti, a web interface for graphing of monitoring systems. We recommend that you upgrade your cacti packages...
Multiple Cross-Site Scripting Vulnerabilities in SilverStripe CMS & Framework
SilverStripe CMS & Framework is a content management system (CMS). SilverStripe CMS & Framework has multiple cross-site scripting vulnerabilities that can be exploited by attackers to inject arbitrary web script or HTML...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddnsdomainame or (2) ddnsaccount parameter to ddns.stm...
CVE-2015-3935
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the Business Search (searchnom) field to (1) htdocs/societe/societe.php or (2) htdocs/societe/admin/societe.php...
WordPress plugin wp-smiley HTML injection vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports setting up personal blog sites on servers with PHP and MySQL. wp-smiley is one of its plugins, used to customize emoticon icons. An HTML injection vulnerability exists in the...
Zenphoto vulnerable to cross-site scripting
Overview: Zenphoto is a content management system (CMS). Zenphoto contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...
Google Chrome Cross-Site Scripting Vulnerability (CNVD-2015-03343)
Google Chrome is a web browser developed by the American company Google. A cross-site scripting vulnerability exists in versions of Google Chrome prior to 43.0.2357.65. This vulnerability allows remote attackers to inject arbitrary web script or HTML...
WordPress Content Slide Plugin HTML Injection Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; the platform supports setting up a personal blog site on servers with PHP and MySQL. Content Slide is one of its plugins, used to create a fully customizable jQuery fading image slideshow. An HTML...
Amazon App Store Cross-Site Scripting Vulnerability
The Amazon App Store is an application store from Amazon.com, Inc. in the United States. A cross-site scripting vulnerability exists in Amazon App Store. An attacker can exploit the vulnerability to execute arbitrary script code in the browser of a trusted user in the context of the affect...
EasyCTF vulnerable to cross-site scripting
Overview: EasyCTF is a server-side CGI used to score CTF (Capture The Flag). EasyCTF contains a cross-site scripting vulnerability (CWE-79) that can be leveraged by an attacker-created account. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#26860747: TransmitMail vulnerable to cross-site scripting
TransmitMail is a PHP-based mail form. TransmitMail contains a cross-site scripting (CWE-79) vulnerability due to the processing of file names. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest version according to the informatio...
MediaWiki cross-site scripting vulnerability (CNVD-2015-02415)
MediaWiki is a Wiki program. A cross-site scripting vulnerability exists in MediaWiki. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML with the help of a custom JavaScript file...
Berta CMS Arbitrary File Upload Vulnerability
Berta CMS is prone to a file upload vulnerability.
Mozilla Firefox Restricts Bypass Privilege Access Vulnerability
Mozilla Firefox is a web browser released by Mozilla. A restriction bypass privilege access vulnerability exists in Mozilla Firefox. The vulnerability allows remote attackers to bypass security restrictions by navigating through certain content to execute arbitrary script code with chrome...
Hulihan Applications Amethyst HTML Injection Vulnerability
Hulihan Applications Amethyst is an open-source blog application from the U.S. company Hulihan Applications, Inc., built on Ruby on Rails, an open-source web application framework based on the Ruby language. An HTML injection vulnerability exists in Hulihan Applications Amethyst, which stems from the...
phpBB BBCode IMG Tag script injection vulnerability
phpBB is open-source, PHP-based web forum software developed by the phpBB Group. The software supports multiple languages, multiple databases, customized layouts and so on. A script injection vulnerability exists in phpBB because the program fails to adequately filter user-submitt...
Multiple cross-site scripting vulnerabilities in MyBB (CNVD-2015-01882)
MyBB is a PHP-based forum program. Multiple cross-site scripting vulnerabilities exist in versions of MyBB prior to 1.8.4, which can be exploited by remote attackers to inject arbitrary Web script or HTML...
eXtplorer vulnerable to cross-site scripting
Overview: eXtplorer is a web-based file manager. eXtplorer contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT COM Security reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary...
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
A vulnerability in Cisco Unified Web Interaction Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to a lack of input sanitization of the Cisco Unified Web...
CVE-2015-2069
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via the QUERYSTRING in the wc-reports page to wp-admin/admin.php...