1492 matches found
Fiyo CMS HTML Injection Vulnerability
Fiyo CMS is a content management system (CMS) for creating CMS templates. An HTML injection vulnerability exists in Fiyo CMS that stems from the program's failure to adequately filter user-submitted input. When a user browses the affected site, their browser will execute arbitrary HTML or script co...
Imgur: Persistent XSS in image title
When adding a title to uploaded images, one can insert XSS into the title which is then executed for anyone viewing the image. PoC contains a harmless XSS: http://imgur.com/bSZwUBG&rAmpN4O How to recreate: 1. Open the Image Options page for an album. 2. Press "Add Title / Description" 3. Enter so...
JVN#67540183: Simple Oekaki BBS vulnerable to cross-site scripting
Simple Oekaki BBS provided by LEMON-S PHP contains a persistent cross-site scripting (CWE-79) vulnerability due to the processing of the oekakis parameter in index.php. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
Chamilo LMS Cross-Site Scripting Vulnerability
Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. Chamilo LMS suffers from a cross-site scripting vulnerability that ste...
Kallithea Code Injection Vulnerability
Kallithea, a project under the US-based Software Freedom Conservancy organization, is a free source code management system. The system supports Mercurial and Git version control systems, hosting code, managing access control, and more. A code injection vulnerability exists in versions prior to...
Moxa SoftCMS RTSPVIDEO.rtspvideoCtrl.1 ActiveX Stack Buffer Overflow Vulnerability
Moxa SoftCMS is a set of centralized management software for large-scale surveillance systems developed by Moxa. The software supports real-time video surveillance, video playback and event management. A stack buffer overflow vulnerability exists in the RTSPVIDEO.rtspvideoCtrl.1 ActiveX control o...
Palo Alto Traps Server Persistent Cross-Site Scripting Vulnerability
Palo Alto Traps is an advanced endpoint protection package that detects attacks like memory corruption and DLL hijacking. A cross-site scripting vulnerability exists in Palo Alto Traps when handling SOAP requests with embedded JavaScript, which can be exploited by an attacker to execute arbitrary...
Drupal Mover Module Cross-Site Scripting Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Mover is one of the modules used to provide content movement between Drupal sites. A cross-site scripting vulnerability exists in the Drupal Mover module that stems from the program's...
JVN#91016415: Maroyaka Relay Novel vulnerable to cross-site scripting
Maroyaka Relay Novel provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Relay Novel contains a persistent cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
QPR Portal HTML Injection Vulnerability
QPR Software Suite is a suite of business management and performance management products from the Finnish company QPR Software. QPR Portal is one of the portal products that provides features such as full-screen mode to introduce integrated navigation options, copy schematic location links and ope...
Mango Automation SCADA/HMI 2.4.0 Cross Site Scripting
CVE-2015-1179-xss-mango-automation-scada Information ----------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in Mango Automation SCADA/HMI software Affected Software : Mango Automation Affected Versions: 2.4.0 and possibly below Vendor Homepage : http://infiniteautomation.com/...
EventSentry 3.1.0 Cross Site Scripting
CVE-2015-1180-xss-eventsentry Information ---------------- Advisory by Octogence. Name: Reflected XSS Vulnerability in EventSentry Web Reports Interface Affected Software : EventSentry Affected Versions: 3.1.0 and possibly below Vendor Homepage : http://eventsentry.com/ Vulnerability Type :...
Multiple Cross-Site Scripting Vulnerabilities in Cisco Identity Services Engine (CNVD-2015-00393)
Cisco Identity Services Engine is a centralized policy engine for Cisco TrustSec solutions. Multiple cross-site scripting vulnerabilities exist in the Cisco Identity Services Engine because it fails to properly filter user-supplied input. An attacker could exploit these issues to execute arbitrary...
WordPress plugin Frontend Uploader 'errors' parameter cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the 'errors' parameter of the WordPress plugin Frontend Uploader because it...
AllMyGuests 0.4.1 XSS / SQL Injection / Insecure Cookie Handling
AllMyGuests0.4.1 Multi Vulnerability ==================================== Author : indoushka Vendor : http://www.php-resource.net/ Dork: powered by AllMyGuests © 2003, voice of web ========================== php info : http://localhost/AllMyGuests0.4.1/tools/phpinfo.php Cross site scripting also...
Mobotix IP Camera M1 1.9.4.7/M10 2.0.5.2 help Script XSS
No description provided by source. source: http://www.securityfocus.com/bid/18022/info The Mobotix IP camera is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the device to properly sanitize user-supplied input. An attacker may leverage these issues t...
Jax PHP Scripts 1.0/1.34/2.14/3.31 dwt_editor.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14481/info Jax PHP Scripts are affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage any of the...
PostNuke 0.6x/0.7x Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/18819/info PostNuke is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before displaying it to users of the application. An attacker may leverage these issu...
Ekinboard 1.0.3 Profile.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15447/info Ekinboard is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...
Active Auction House account.asp ReturnURL Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13036/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...