CVE-2018-0465 Cisco Small Business 300 Series Managed Switches Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the interface of an affected system. The vulnerability exists because the affect...

Cisco Webex Centers Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Events Center, Cisco Webex Meeting Center, Cisco Webex Support Center, and Cisco Webex Training Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based...

Sql injection

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The employee and sortorder parameter can be used to perform an SQL injection attack. An attacker can use a browser ...

Sql injection

An exploitable SQL injection vulnerability exists in the authenticated part of ERPNext v10.1.6. Specially crafted web requests can cause SQL injections resulting in data compromise. The orderby parameter can be used to perform an SQL injection attack. An attacker can use a browser to trigger thes...

Cisco Data Center Network Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the management interface on an affected device. The vulnerability is due to insufficient...

Cross site scripting

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker...

CVE-2018-0386

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker...

Cisco Unified Communications Domain Manager Reflected Cross-Site Scripting Vulnerability

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker...

CVE-2018-0411

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due...

CoinHive URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites

Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites. Coinhive is a popular browser-based service that offers website owners...

CVE-2018-0149

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based DOM-based, stored cross-site scripting XSS attack against a us...

CVE-2018-0149

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based DOM-based, stored cross-site scripting XSS attack against a us...

Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based DOM-based, stored cross-site scripting XSS attack against a us...

Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting

I. VULNERABILITY ------------------------- Ruckus Brocade ICX7450-48 Reflected Cross Site Scripting II. CVE REFERENCE ------------------------- CVE-2018-11027 III. VENDOR HOMEPAGE ------------------------- https://www.ruckuswireless.com IV. DESCRIPTION ------------------------- Ruckus Brocade...

Design/Logic Flaw

DISPUTED Liferay 6.2.x and before has an FCKeditor configuration that allows an attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment via a browser/liferay/browser.html?Type= or...

[SECURITY] Fedora 26 Update: roundcubemail-1.3.6-1.fc26

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

Cross site scripting

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...

CVE-2018-0276

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...

Cisco WebEx Connect IM Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Connect IM could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the affect...

CVE-2018-0188

Multiple vulnerabilities in the web-based user interface web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation...