http-file-server cross-site scripting vulnerability

http-file-server is an HTTP file server. A cross-site scripting vulnerability exists in http-file-server all versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...

CentOS Web Panel Cross-Site Scripting Vulnerability

CentOS Web Panel CWP is a free web hosting control panel. A cross-site scripting vulnerability exists in the filemanager2.php file the 'fmcurrentdir' parameter in CWP version 0.9.8.846. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker can...

Ahsay Systems Cloud Backup Suite Cross-Site Scripting Vulnerability

Ahsay Systems Cloud Backup Suite is a cloud-based backup software suite from Ahsay Systems. A cross-site scripting vulnerability exists in the Alias field in Ahsay Systems Cloud Backup Suite versions prior to 8.1.1.50. The vulnerability stems from a lack of proper validation of client data by the...

MISP Cross-Site Scripting Vulnerability (CNVD-2020-22366)

MISP is an open source software solution. The product is used to collect, store, distribute and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. MISP suffers from a cross-site scripting vulnerability. The vulnerability stems from a lac...

WordPress Email Subscribers&Newsletters Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Email Subscribers&Newsletters is one of the plug-ins used to push news and information. A cross-site scripting vulnerability exists in...

GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2019-24242)

GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 version 5.3.1.9. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...

GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2019-24256)

GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 version 5.3.1.9. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...

GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2019-24213)

GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 version 5.3.1.9. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...

McAfee Data Loss Prevention Endpoint Cross-Site Scripting Vulnerability

McAfee Data Loss Prevention Endpoint DLPe is an integrated endpoint data protection solution from McAfee. The solution prevents theft and accidental disclosure of confidential data and provides security policies for file handling and transmission, shared endpoint data flow control and data...

Frog CMS Cross-Site Scripting Vulnerability (CNVD-2019-23999)

Frog CMS is a Content Management System CMS developed by Philippe Archambault Software Developers. The system provides tools for page templates, user rights management and document management. A cross-site scripting vulnerability exists in Snippets in Frog CMS version 1.1. The vulnerability stems...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2019-29581)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox versions prior to 68. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can...

WordPress CampTix Event Ticketing Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.CampTix Event Ticketing is a ticketing system plugin used in it. WordPress CampTix Event Ticketing has a cross-site scripting...

Firefly III Cross-Site Scripting Vulnerability (CNVD-2019-30775)

Firefly III is an open source personal financial management system. A cross-site scripting vulnerability exists in Firefly III versions prior to 4.7.17.3, which can be exploited by an attacker to execute client-side code...

Cross-Site Scripting Vulnerability in Multiple AudioCodes Products

AudioCodes Mediant 500L-MSBR and so on are products of AudioCodes Israel.AudioCodes Mediant 500L-MSBR is a 500L series all-in-one SOHO/SMB router.AudioCodes Mediant 500-MSBR is a 500 The AudioCodes Mediant 500-MSBR is a 500L series all-in-one SOHO/SMB router. A cross-site scripting vulnerability...

EspoCRM Cross-Site Scripting Vulnerability (CNVD-2019-30787)

EspoCRM is an open source web-based customer relationship management CRM system. The system provides features such as sales automation, community and customer support. A cross-site scripting vulnerability exists in EspoCRM versions prior to 5.6.4, which can be exploited by remote attackers to...

Teclib GLPI Cross-Site Scripting Vulnerability

Teclib GLPI is an open source IT asset management suite from the French company Teclib. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A cross-site scripting vulnerability exists in the...

Apache Roller Cross-Site Scripting Vulnerability (CNVD-2019-23302)

Apache Roller is the U.S. Apache Apache Software Foundation's set of Java-based multi-user open source blogging system. A cross-site scripting vulnerability exists in Apache Roller versions 5.2.2, 5.2.1 and 5.2. The vulnerability stems from the WEB application's lack of proper validation of...

Tenda D301 Cross-Site Scripting Vulnerability

Tenda D301 is a wireless router from Tenda China. A cross-site scripting vulnerability exists in Tenda D301 v2. The vulnerability stems from the lack of proper validation of client data by a web application. An attacker can exploit this vulnerability to execute client-side code...

Trape Cross-Site Scripting Vulnerability (CNVD-2019-22229)

Trape is a suite of open source Internet tracking and identification tools. The tool is capable of remotely identifying sessions and simulating phishing attacks. A cross-site scripting vulnerability exists in the static/js/trape.js file in Trape 2019-05-08 and earlier versions. The vulnerability...

F5 BIG-IP Cross-Site Scripting Vulnerability (CNVD-2019-30620)

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A cross-site scripting vulnerability exists in the AFM feed list in the F5 BIG-IP AFM and ASM, which can be exploited by an...