493 matches found
CVE-2017-12298
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...
CVE-2017-12296
A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...
Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability
A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...
CVE-2017-6762
A vulnerability in the web-based management interface of Cisco Jabber Guest Server 10.69, 11.00, and 11.01 could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of the affected software. The vulnerability ...
Cisco Web Security Appliance Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Web Security Appliance WSA could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...
Patch Tuesday - July 2017
Most of the critical vulnerabilities patched this month concern client-side systems, with 14 separate Remote Code Execution RCE issues being addressed for the Microsoft Edge browser and five for Internet Explorer. One of the three Adobe Flash Player vulnerabilities being patched is also a critica...
Cisco Prime Infrastructure and Evolved Programmable Network Manager DOM Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Prime Infrastructure PI and Evolved Programmable Network Manager EPNM could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM based environment or client-side cross-site scripting XSS attack against a us...
Cisco SocialMiner Cross-Site Scripting Vulnerability
A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation. An attacker could exploit th...
Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerabilities
A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some...
Adobe Flash Player Memory Corruption Vulnerability (CNVD-2017-10263)
Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A memory corruption vulnerability exists in Adobe Flash Player. A remote attacker could exploit this vulnerability...
Adobe Flash Player Arbitrary Code Execution Vulnerability (CNVD-2017-10258)
Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. A remote attacker could exploit this vulnerability to execu...
Adobe Flash Player Memory Corruption Vulnerability (CNVD-2017-10259)
Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A memory corruption vulnerability exists in Adobe Flash Player. A remote attacker could exploit this vulnerability...
Cisco Email Security Appliance Message Tracking Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. SPDX-FileCopyrightText: 2017 Greenbo...
Cisco Email Security and Content Security Management Appliance Message Tracking Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA and Cisco Content Security Management Appliance SMA could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an...
[SECURITY] Fedora 24 Update: roundcubemail-1.2.5-1.fc24
RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...
Horde Groupware Webmail 3 / 4 / 5 Code Execution
Source: https://blogs.securiteam.com/index.php/archives/3107 Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due t...
LastPass Password Manager and then exposed a serious vulnerability, the browser-based Password Manager can also be used? - Vulnerability warning-the black bar safety net
No use cryptographic software before, we easily forget the password; use password software, we“reluctantly”leak the All password. LastPass, the popular password management software, recently again broke security vulnerabilities. Security personnel found in LastPass Chrome and Firefox 4.1.42 versi...
Cross site scripting
A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially...
CVE-2016-9169
The vulnerability CVE-2016-9169 affects the web console of the Document Viewer Agent in Novell GroupWise (older than 2014 R2 Support Pack 1 Hot Patch 2). It is a reflected XSS where a remote attacker can entice a user to click a crafted link, enabling JavaScript execution in the user’s browser se...