124 matches found
PT-2020-9161 · Geutebruck · Geutebruck Ip Cameras G-Cam +1
Name of the Vulnerable Software and Affected Versions: Geutebruck IP Cameras G-CodeEEC-2xxx versions 1.12.0.25 and prior Geutebruck IP Cameras G-CamEBC-21xx/EFD-22xx/ETHC-22xx/EWPC-22xx versions 1.12.0.25 and prior Description: The issue allows a remote authenticated attacker with access to event...
Cross site scripting
Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter function. An attacker could exploit this via user interaction to execute code in the user's browser...
Philips e-Alert Cross-Site Scripting Vulnerability
Philips e-Alert is an electronic alert solution for MRI systems from Philips in the Netherlands, which is used to monitor and alert on MRI system performance. A cross-site scripting vulnerability exists in Philips e-Alert R2.1 and prior versions. An attacker can exploit this vulnerability to...
Multiple vulnerabilities in Jenkins Global Build Stats plugin (CNVD-2018-15256)
Jenkins is the open source automation server. Jenkins provides numerous plug-ins that support building, deploying, and automating projects. Global Build is a plug-in that allows two different geographically located Jenkins to automatically trigger each other to work. The Jenkins Global Build Stats...
Easy Hosting Control Panel Cross-Site Scripting Vulnerability
Easy Hosting Control Panel EHCP is an open source hosting control panel that is used to manage domains, emails, ftp users and more. A cross-site scripting vulnerability exists in EHCP version 0.37.12.b. The vulnerability stems from the program failing to properly validate user input. A remote...
MediaWiki SyntaxHighlight Extended HTML Injection Vulnerability
MediaWiki is a free, web-based wiki engine developed and maintained by the Wikimedia Foundation and MediaWiki volunteers for the deployment of in-house knowledge management and content management systems. An HTML injection vulnerability exists in the MediaWiki SyntaxHighlight extension, which ste...
PowerDNS Authoritative Server Module Cross-Site Scripting Vulnerability
PowerDNS Recursive Server is a high-end name resolution server. A cross-site scripting vulnerability exists in PowerDNS Recursor 4.0.6 and earlier versions, which can be exploited by an attacker to execute arbitrary code in a user's browser at an affected site...
Red Hat Satellite Cross-Site Scripting Vulnerability
Red Hat Satellite is a suite of system management platforms from Red Hat, Inc. that can be used to extend Linux infrastructures and provide system management functions such as administration, configuration, and monitoring. A cross-site scripting vulnerability exists in Red Hat Satellite, which...
Fixing HPKP with Certificate Constraints
This is the third post in my series on HPKP. In my first post I declared HPKP dead, and in my second post I explored the possibility of fixing it by introducing pin revocation. Today I will consider an entirely different approach to make HPKP much safer, by changing how it’s activated. In my...
Apache Atlas Cross-Site Scripting Vulnerability (CNVD-2017-27441)
Apache Atlas is a set of scalable and extensible core functional governance services from the Apache Software Foundation in the USA. A cross-site scripting vulnerability exists in Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating. An attacker could exploit this vulnerability to execute arbitra...
WordPress Arabic Font Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Arabic Font plugin. An attacker can exploit this vulnerability t...
WordPress IBPS Online Exam Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress IBPS Online Exam plugin. An attacker can exploit this...
phpBB Cross-Site Scripting Vulnerability
phpBB is open-source web forum software developed by the phpBB Group using the PHP language. The software supports multiple languages, multiple databases, customized layouts and so on. phpBB has a cross-site scripting vulnerability. Attackers can use this...
Fortinet Fortiweb Cross-Site Scripting Vulnerability (CNVD-2017-10372)
Fortinet FortiWeb is a web application layer firewall from the U.S. company Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of web applications and protect sensitive database content. A...
Cross site scripting
A Cross-Site Scripting (XSS) vulnerability was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could execute arbitrary HTML and script code in a...
Cross site scripting
Multiple Cross-Site Scripting (XSS) issues were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7cendana-master/template/default/detailtemplate.php' and...
CVE-2017-6533
A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data (benchmark) passed to the webpagetest-master/www/benchmarks/view.php URL. An attacker could execute arbitrary HTML and script code in a browser in the...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-01513)
Cisco IOS is a popular Internet operating system. Cisco Unified Communications Manager is a call-processing component of the Cisco IP telephony solution. A cross-site scripting vulnerability exists in Cisco Unified Communications Manager that stems from a failure to adequately validate user input...
IBM Maximo Asset Management Cross-Site Scripting Vulnerability (CNVD-2016-11328)
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A cross-site...
Google Chrome PDFium heap buffer overflow vulnerability (CNVD-2016-07206)
Google Chrome is a web browser developed by Google in the United States. PDFium is an open source PDF rendering engine. A heap buffer overflow vulnerability exists in PDFium in versions of Google Chrome prior to 53.0.2785.89. An attacker could exploit this vulnerability to execut...