1046 matches found
soblacktie.com XSS vulnerability
Vulnerable URL: http://www.soblacktie.com/apps/search?s=%3C%2Ftitle%3E%3Cscript%3Ealert%27OPENBUGBOUNTY%27%3C%2Fscript%3E

Details:

Description| Value
---|---
Patched:| No
Latest check for patch:| 27.07.2017
Vulnerability type:| XSS
Vulnerability status:| Publicly disclosed
Alexa Rank| 2488837

VIP...
PHPVibe Stored Cross-Site Scripting Vulnerability
PHPVibe is a video sharing content management system (CMS). The system can be used to create video sharing websites. A stored cross-site scripting vulnerability exists in PHPVibe versions prior to 4.21. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
Accellion Kiteworks Cross-Site Scripting Vulnerability
Accellion Kiteworks is the leading private cloud platform for secure content. A cross-site scripting vulnerability exists in versions of Accellion Kiteworks prior to 2016.03.00 because the program fails to properly filter user-supplied parameters, allowing an attacker to exploit the vulnerabilit...
Accela Civic Platform Citizen Access portal cross-site scripting vulnerability
Accela Civic Platform Citizen Access portal is a web portal for citizens and government to connect and interact. Cross-site scripting vulnerabilities exist in the Accela Civic Platform Citizen Access portal. These vulnerabilities can be exploited by an attacker to steal cookie-based authenticatio...
ESF pfSense squid_clwarn.php Cross Site Scripting
A cross-site scripting vulnerability has been reported in the squid package of the Electric Sheep Fencing pfSense firewall. The vulnerability is due to insufficient validation of the url, source, user and virus variables in the squid_clwarn.php page. By convincing a user to visit a malicious website, a...
WordPress Cross-Site Scripting Vulnerability (CNVD-2016-04366)
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation. A cross-site scripting vulnerability exists in WordPress 4.5.2 and earlier versions, which can be exploited by an attacker to inject arbitrary web script or HTML with the help of an...
Apache Jetspeed Portal URI Path Cross-Site Scripting (CVE-2016-0712)
A cross-site scripting vulnerability exists in Apache Jetspeed 2. The vulnerability is due to insufficient validation of the URI path. A remote, unauthenticated attacker could exploit this vulnerability by enticing a victim user to visit a crafted web site. Successful exploitation allows the...
Apache Jetspeed PageManagementService Cross-Site Scripting (CVE-2016-0711)
A cross-site scripting vulnerability exists in Apache Jetspeed. The vulnerability is due to insufficient validation of user-supplied input. Successful exploitation allows the attacker to store arbitrary scripts on the vulnerable server and have them executed in the user's browser...
FreedomPop Account Hijacking Flaws Remain Unpatched
It took close to two months, but free wireless and mobile provider FreedomPop has acknowledged reports of a serious vulnerability in its service. U.K.-based researcher Paul Moore told Threatpost that FreedomPop, which has been operating in the U.K. since last September, finally responded to a bug...
Ignite Realtime Openfire group-summary.jsp Cross-Site Scripting (CVE-2015-6972)
A cross-site scripting vulnerability has been reported in Ignite Realtime Openfire Server. The vulnerability is due to insufficient validation of the "search" parameter within the group-summary.jsp page. By convincing an authenticated user to visit a malicious website, a remote attacker can explo...
Log-Chat vulnerable to cross-site scripting
Overview: Log-Chat, provided by Script, contains a stored cross-site scripting vulnerability (CWE-79). Masamu Asato of National Institute of Technology, Okinawa College reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Multiple Cross-Site Scripting Vulnerabilities in Cisco Emergency Responder
Cisco Emergency Responder's real-time location-address tracking database and enhanced routing capabilities can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP) based on the caller's location. Cisco Emergency Responder 11.5 0.99833.5 suffers from multiple...
CVE-2016-1309
Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx Meetings Server 2.5.1.5 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy01843...
CVE-2016-1293
Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414...
WePay: Unauthenticated Stored XSS in API Panel
There is an unauthenticated stored XSS in the API Panel of the app administration (e.g. https://stage.wepay.com/apps/manage/12873/apikeys). When a user is created via the API, the call log does not sanitize the output correctly (see screenshot 1). So it is possible to execute arbitrary scripts in the...
applican vulnerable to script injection
Overview: applican, provided by Newphoria Corporation Inc., is a platform to build hybrid applications for both iOS and Android. applican is vulnerable to script injection due to an issue in processing SSID. Note that this vulnerability is different from JVN64625488. Kenta Suefusa and Tomonori Shiom...
WordPress WP Rollback plugin cross-site scripting vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Software Foundation; it supports setting up a personal blog site on a PHP and MySQL server. WP Rollback is a theme rollback plugin. A cross-site scripting vulnerability exists in the WordPress W...
CVE-2015-5371
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors...
Authentication flaw
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors...