173 matches found
Cybozu Garoon Cross-Site Scripting Vulnerability (CNVD-2020-26662)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A cross-site scripting vulnerability exists in Cybozu Garoon 'E-mail'. An attacker can exploit the vulnerability ...
CloudBees Jenkins Gatling Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins Hudson Labs is a set of Java-based continuous integration tools developed by the US company CloudBees. The product is mainly used to monitor continuous software release/testing projects and to run scheduled tasks. A cross-site scripting...
CVE-2020-5219
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call `expressions.compile(userControlledInput)` where `userControlledInput` is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
Remote code execution
Angular Expressions before version 1.0.1 has a remote code execution vulnerability if you call `expressions.compile(userControlledInput)` where `userControlledInput` is text that comes from user input. If running angular-expressions in the browser, an attacker could run any browser script when the...
php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request
A cross-site scripting (XSS) vulnerability in the Apache2 component of PHP was found. When using 'Transfer-Encoding: chunked', the request allows remote attackers to potentially run a malicious script in a victim's browser. This vulnerability can be exploited only by producing malformed requests and it...
D-LINK Central WifiManager (CWM 100) 1.03 r0098 Server-Side Request Forgery Vulnerability
Using a web browser or script, server-side request forgery (SSRF) can be initiated against internal/external systems to conduct port scans by leveraging D-LINK's MailConnect component. The MailConnect feature on D-Link Central WiFiManager CWM-100 version 1.03 r0098 devices is intended to check a...
WordPress plugin Pie Register cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Pie Register, which can be exploited by an attacker to...
HScripts PHP File Browser Script Path Traversal Vulnerability
HScripts PHP File Browser Script is a file browser script that is used to display, search and browse folders. A directory traversal vulnerability exists in the index.php file in version 1.0 of HScripts PHP File Browser Script. The vulnerability can be exploited to read all files with known names...
PHP File Browser Script 1 - Directory Traversal
PHP File Browser Script 1 - Directory Traversal. Exploit Title: PHP File Browser Script 1 - Directory Traversal; Dork: N/A; Date: 2018-09-03; Exploit Author: Özkan Mustafa Akkuş (AkkuS); Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php; Software...
PHP File Browser Script 1 Directory Traversal
Exploit Title: PHP File Browser Script 1 - Directory Traversal; Dork: N/A; Date: 2018-09-03; Exploit Author: Özkan Mustafa Akkuş (AkkuS); Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php; Software Link: https://www.hscripts.com/scripts/php/downloads/file-browser-demo.zip; Version: 1....
WordPress FV Flowplayer Video Player Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability in the WordPress FV Flowplayer Video Player plugin can be exploited by an attacker to...
CVE-2018-11090
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
CVE-2018-1000154
Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails, which are not HTML-quoted in certain cases. This can result in the embedding and execution of JavaScript code on users browser...
SAP Process Monitoring Infrastructure Cross-Site Scripting Vulnerability
SAP Process Monitoring Infrastructure (PMI) is a process monitoring infrastructure from SAP. The product provides IT environment monitoring, system monitoring, process monitoring and other functions. A cross-site scripting vulnerability exists in SAP PMI, which stems from the program failing to...
SAP Business Objects Business Intelligence Platform Cross-Site Scripting Vulnerability
SAP Business Objects Business Intelligence Platform is a set of business intelligence software and enterprise performance management platform from SAP. The platform provides reporting, performance management and database functions. A cross-site scripting vulnerability exists in SAP Business...
IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2018-05492)
IBM WebSphere Portal consists of middleware, applications called portlets and development tools for building and managing secure business-to-business (B2B), business-to-customer (B2C) and business-to-employee (B2E) portals. A cross-site scripting vulnerability exists in IBM WebSphere Portal, which coul...
Multiple vulnerabilities in multiple Buffalo broadband routers
Overview: BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below: Cross-site Scripting (CWE-79) - CVE-2017-10896; Improper Input Validation (CWE-20) - CVE-2017-10897. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...
D-Link DSL-2740E HTML Injection Vulnerability
The D-Link DSL-2740E is a wireless router product from AUO D-Link. A security vulnerability exists in the D-Link DSL-2740E version 1.00BG20150720, which originates from the program failing to properly filter user-submitted input. A remote attacker can exploit the vulnerability to execute arbitrar...
Redis Cross-Site Scripting Vulnerability
Redis is an open source key-value storage database sponsored by the US company Redis Labs, Inc. It is written in ANSI C, supports networking, can be memory-based or persistent, is log-type, and provides APIs for a variety of languages. A cross-site scripting vulnerabilit...