16 matches found
Security Bulletin: Security vulnerabilities have been fixed in IBM Security Identity Manager Virtual Appliance
Summary: IBM Security Identity Manager Virtual Appliance (ISIM VA) has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2021-29682 DESCRIPTION: IBM Security Identity Manager could allow a remote attacker to obtain sensitive information when a detailed technical error message ...
IBM WebSphere Portal Multiple XSS Vulnerabilities
IBM WebSphere Portal is prone to multiple cross-site scripting vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
AspDotNetStorefront 3.3 ReturnURL Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10507/info AspDotNetStorefront is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in the 'returnurl' parameter of the...
Eagle Software Aeries Student Information System 3.7.2.2/3.8.2.8 Labels.asp Term Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/27924/info Aeries Student Information System is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and an HTML-injection issue, because it fails to sufficiently sanitize...
Atom PhotoBlog 1.0.1/1.0.9 AtomPhotoBlog.PHP Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24363/info Atom PhotoBlog is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input data before rendering it in a user's browser. These issues include multiple...
Atmail WebMail - INBOX.Trash?mailId Reflected Cross-Site Scripting
source: https://www.securityfocus.com/bid/65408/info Atmail is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
Cacti Unspecified SQL Injection and Cross Site Scripting Vulnerabilities
Cacti is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify...
Joostina 'index.php' Cross Site Scripting Vulnerability
Joostina is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
ViArt CMS - 'forum.php?forum_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/36003/info ViArt CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially...
ViArt Helpdesk - 'product_details.php?category_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/42543/info ViArt Helpdesk is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
Active Bids - search SQL Injection
source: https://www.securityfocus.com/bid/33306/info Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data. Exploiting these issues could allo...
TorrentTrader 1.08 - msg HTML Injection
source: https://www.securityfocus.com/bid/28082/info TorrentTrader is prone to an HTML-injection vulnerability because it fails to adequately sanitize user-supplied input. Attacker-supplied HTML or JavaScript code could run in the context of the affected...
PRO-Search 0.17 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27126/info PRO-Search is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
eNdonesia 8.4 - 'mod.php?viewarticle Action artid' SQL Injection
source: https://www.securityfocus.com/bid/24590/info eNdonesia is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the...
vSpin Classified System 2004 - 'search.asp?minprice' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues could all...
GeoBlog MOD_1.0 - viewcat.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/17784/info GeoBlog is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...