EUVD-2022-4154

Malicious code in bioql PyPI...

Dassault Systèmes ENOVIA Collaborative Industry Innovator 安全漏洞

Dassault Systèmes ENOVIA Collaborative Industry Innovator is an essential toolset for real-time, secure and structured collaboration and product content management for an engineering team at Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Collaborative Indust...

EC-CUBE 安全漏洞

EC-CUBE is an open source e-commerce system from the Japanese company EC-CUBE. A security vulnerability exists in EC-CUBE that stems from the presence of an Accept External Untrusted Data and Trusted Data vulnerability, where an attacker who gains administrative privileges may be able to install...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2022-68894)

A cross-site scripting vulnerability exists in Cisco Firepower Management Center FMC, a next-generation firewall management center software from Cisco. The vulnerability stems from a Web management interface that does not adequately authenticate user input. An authenticated remote attacker could...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2022-68893)

A cross-site scripting vulnerability exists in Cisco Firepower Management Center FMC, a next-generation firewall management center software from Cisco. The vulnerability stems from a Web management interface that does not adequately authenticate user input. An authenticated remote attacker could...

Cisco Security Manager Cross-Site Scripting Vulnerability (CNVD-2022-06379)

Cisco Security Manager CSM is a set of enterprise-class management applications from Cisco USA that are used to configure firewall, VPN, and intrusion protection security services on Cisco networks and security devices.Cisco Security Manager is vulnerable to a cross-site scripting vulnerability...

Moodle HTML Injection Vulnerability (CNVD-2017-00905)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. Moodle suffers from an HTML injection vulnerability due to the program failing to...

ManageEngine ADSelfService Plus < 5.3 Build 5313 PasswordSelfServiceAPI XSS

The ManageEngine ADSelfService Plus application running on the remote host is affected by a cross-site scripting XSS vulnerability in PasswordSelfServiceAPI due to improper sanitization of user-supplied input to the 'PSSOPERATION' parameter. An unauthenticated, remote attacker can exploit this, v...

EMC M&R (Watch4net) Alerting Frontend XSS

------------------------------------------------------------------------ Cross-Site Scripting vulnerability in EMC M&R Watch4net Alerting Frontend ------------------------------------------------------------------------ Han Sahin, November 2014...

CVE-2014-7139

Multiple cross-site scripting XSS vulnerabilities in the Contact Form DB aka CFDB and contact-form-7-to-database-extension plugin before 2.8.16 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 form or 2 enc parameter in the CF7DBPluginShortCodeBuilder page to...

WordPress Inline Gallery 'do' Parameter Cross-site Scripting Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

WordPress PHP Speedy Plugin 'title' Parameter Cross Site Scripting Vulnerability

WordPress PHP Speedy Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

WordPress IWantOneButton 'post_id' Parameter Cross-site Scripting Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

WordPress RSS Feed Reader Plugin 'rss_url' Parameter Cross Site Scripting Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability

This host is running MoinMoin Wiki and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmoinmoinwikixssvuln.nasl 5306 2017-02-16 09:00:16Z teissa $ MoinMoin 'Despam' Action Cross Site Scripting Vulnerability Authors: Antu Sanadi Copyright: Copyright c 2010 Greenbo...

ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities

This host has ELOG installed and is prone multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodelogmultvuln.nasl 5055 2017-01-20 14:08:39Z teissa $ ELOG Remote Buffer Overflow and Cross Site Scripting Vulnerabilities Authors: Antu Sanadi Copyright: Copyright c 2009 SecPod,...

CORE-2009-0109 - Multiple XSS in Sun Communications Express

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Multiple XSS in Sun Communications Express 1. Advisory Information Title: Multiple XSS in Sun Communications Express Advisory ID: CORE-2009-0109 Advisory URL:...

Gentoo Security Advisory GLSA 200506-12 (mediawiki)

The remote host is missing updates announced in advisory GLSA 200506-12. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability

Adobe Presenter is prone to a cross-site scripting CSS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

lotusquickr-xss.txt

description:Lotus Quickr, announced at Lotusphere 2007, is an evolution of Lotus QuickPlace ,The software use a weak xss filter that an attacker can bypass this xss filter. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to ...