
1046 matches found

CNVD
added 2017/08/02 12:00 a.m., 1 view

Stored Cross-Site Scripting Vulnerability in DocCMS

The Rice Husk enterprise website building system, also known as Rice Husk CMS or DocCMS and formerly known as the Deep Throat enterprise website building system (ShlCms), is the industry's leading free, open source enterprise website building and generation system. DocCMS 2016 version of a stored cross-si...

6.7 AI score
Exploits: 0
CNVD
added 2017/07/31 12:00 a.m., 3 views

Fortinet FortiOS Cross-Site Scripting Vulnerability (CNVD-2017-26263)

Fortinet FortiOS is a security operating system developed by the US company Fortinet for the FortiGate network security platform. A cross-site scripting vulnerability exists in Fortinet FortiOS. A remote attacker could exploit this vulnerability to execute arbitrar...

5.4 CVSS, 5.5 AI score, 0.11481 EPSS
Exploits: 4, References: 1
CNVD
added 2017/07/27 12:00 a.m., 1 view

atmail Cross-Site Scripting Vulnerability

atmail is an open source WebMail client from Australia's atmail company, which provides a Webmail interface, address book management, calendars and other features, and supports IMAP, video mail and so on. A cross-site scripting vulnerability exists in versions of atmail prior to 7.8.0.2. A...

6.1 CVSS, 6.5 AI score, 0.0026 EPSS
Exploits: 1, References: 1
CNVD
added 2017/06/14 12:00 a.m., 2 views

WordPress Download Manager plugin cross-site scripting vulnerability

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Download Manager plugin. A remote attacker can...

6.1 CVSS, 6.1 AI score, 0.00479 EPSS
Exploits: 0, References: 1
exploitpack
added 2017/05/25 12:00 a.m., 48 views

Sophos Cyberoam - Cross-site scripting

Sophos Cyberoam - Cross-site scripting Exploit Title: Sophos Cyberoam – Cross-site scripting XSS vulnerability Date: 25/05/2017 Exploit Author: Bhadresh Patel Version: = Firmware Version 10.6.4 CVE : CVE-2016-9834 This is an article with video tutorial for Sophos Cyberoam – Cross-site scripting X...

4.3 CVSS, 0.1 AI score, 0.00118 EPSS
Exploits: 3
CNVD
added 2017/05/22 12:00 a.m., 1 view

WordPress Cross-Site Scripting Vulnerability (CNVD-2017-07304)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress versions prior to 4.7.5. A remote attacker can explo...

6.1 CVSS, 6 AI score, 0.01449 EPSS
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2017/05/19 5:53 a.m., 1 view

Empirical Project Monitor - eXtended vulnerable to cross-site scripting

Overview Empirical Project Monitor - eXtended provided by INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA) contains a stored cross-site scripting vulnerability (CWE-79). Note that this vulnerability is different from JVN11326581. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. report...

5.4 CVSS, 6.1 AI score, 0.00235 EPSS
Exploits: 0, References: 5
Japan Vulnerability Notes
added 2017/05/11 4:37 a.m., 1 view

The installer of SOY CMS vulnerable to cross-site scripting

Overview SOY CMS provided by Nippon Institute of Agroinformatics Ltd. is a Contents Management System (CMS). The installer of SOY CMS contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing parameter. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this...

6.1 CVSS, 6 AI score, 0.00196 EPSS
Exploits: 0, References: 5
Openbugbounty
added 2017/04/28 9:45 p.m., 8 views

indiacom.com XSS vulnerability

Vulnerable URL: http://www.indiacom.com/yellow-pages/hospitals-eye-care/rourkela/?pincode=1%22/%3E%3CsvG%20onLoad=alert%28/OPENBUGBOUNTY/%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...

6.2 AI score
Exploits: 0
Cvelist
added 2017/04/28 4:00 p.m., 16 views

CVE-2017-2140

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...

8.7 AI score, 0.00884 EPSS
Exploits: 0, References: 2
NVD
added 2017/04/13 5:59 p.m., 9 views

CVE-2016-1155

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies...

9.8 CVSS, 9.6 AI score, 0.05411 EPSS
Exploits: 0, References: 3
CVE
added 2017/04/13 5:00 p.m., 45 views

CVE-2016-1155

The CVE-2016-1155 entry concerns an HTTP header injection vulnerability in the URLConnection class across Android OS versions 2.2–6.0. The root cause is HTTP header injection that enables a remote attacker to execute arbitrary scripts or set arbitrary values in cookies. Public references in the c...

9.8 CVSS, 9.4 AI score, 0.05411 EPSS
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2017/04/13 5:00 p.m., 19 views

CVE-2016-1155

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies...

9.6 AI score, 0.05411 EPSS
Exploits: 0, References: 3
NVD
added 2017/04/12 3:59 p.m., 8 views

CVE-2017-3125

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

6.1 CVSS, 6.4 AI score, 0.00581 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2017/04/12 3:00 p.m., 8 views

CVE-2017-3125

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

6.9 AI score, 0.00581 EPSS
Exploits: 0, References: 2
Cvelist
added 2017/04/12 3:00 p.m., 11 views

CVE-2017-3125

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

6.4 AI score, 0.00581 EPSS
Exploits: 0, References: 2
Japan Vulnerability Notes
added 2017/04/07 5:47 a.m., 1 view

Tablacus Explorer vulnerable to script injection

Overview Tablacus Explorer is a tabbed file manager. Tablacus Explorer contains a script injection vulnerability due to improper handling of directory names. Touma Hatano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

8.8 CVSS, 7.2 AI score, 0.00884 EPSS
Exploits: 0, References: 5
Fortinet
added 2017/04/04 12:00 a.m., 18 views

Unauthenticated XSS (Cross Site Scripting) in FortiMail

An unauthenticated XSS vulnerability could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

4.3 CVSS, 3.6 AI score, 0.00581 EPSS
Exploits: 0, Affected Software: 1
Japan Vulnerability Notes
added 2017/03/08 12:57 a.m., 0 views

OneThird CMS vulnerable to cross-site scripting

Overview OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the language selection screen. Note that this vulnerability is different from JVN13003724. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this...

6.1 CVSS, 6.1 AI score, 0.00324 EPSS
Exploits: 0, References: 5
Prion
added 2017/02/17 7:59 a.m., 17 views

Hardcoded credentials

Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML pag...

4.3 CVSS, 6.3 AI score, 0.0041 EPSS
Exploits: 1, References: 7, Affected Software: 1