CloudBees Jenkins ElectricFlow Plugin Cross-Site Scripting Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . ElectricFlow Plugin is used in one of the...

Moxa AWK-3121 Cross-Site Scripting Vulnerability

Moxa AWK-3121 is an industrial-grade wireless access point from Moxa Taiwan, China. A cross-site scripting vulnerability exists in the 'iwboarddeviceName' parameter in the Moxa AWK-3121 version 1.19, which can be exploited by an attacker to execute client-side code...

Maccms Cross-Site Scripting Vulnerability (CNVD-2019-17318)

Maccms is a PHP-based content management system CMS for film and television. A cross-site scripting vulnerability exists in Maccms 8.0 and earlier versions. The vulnerability stems from a lack of proper validation of client-side data in the WEB application. An attacker can exploit this...

MyBB Cross-Site Scripting Vulnerability (CNVD-2019-16947)

MyBB MyBulletinBoard is a free and Web-based forum software developed by MyBB team using PHP and MySQL. The software is characterized by its simplicity, multi-language support and extensibility. A cross-site scripting vulnerability exists in MyBB version 1.8.19, which can be exploited by attacker...

PHP Scripts Mall API Based Travel Booking Cross Site Scripting Vulnerability

PHP Scripts Mall API Based Travel Booking is an online travel booking system script by PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall API Based Travel Booking version 3.4.7, which can be exploited by an attacker to execute client-side code...

ENTTEC Datagate Mk2 Cross-Site Scripting Vulnerability

The ENTTEC Datagate MK2 is a lighting controller from ENTTEC Australia. A cross-site scripting vulnerability exists in the Web Configuration feature in the ENTTEC Datagate Mk2 70044update05032019-482 release. The vulnerability stems from the WEB application lacking proper validation of client dat...

Geutebrück G-Cam and G-Code Cross-Site Scripting Vulnerabilities

G-Cam is a series of webcams from Geutebrück.G-Code is an analog video encoder from Geutebrück. A cross-site scripting vulnerability exists in Geutebrück G-Cam and G-Code. The vulnerability stems from a lack of proper validation of client data by the WEB application. An attacker can exploit the...

ZOHO ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-16592)

ZOHO ManageEngine ServiceDesk Plus is a set of ITIL-based IT service management software ITSM from ZOHO. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and other functional modules. A cross-site scripti...

Apcupsd Cross-Site Scripting Vulnerability

pfSense is a set of network firewalls based on FreeBSD Linux. apcupsd is one of the uninterruptible power supply daemons. A cross-site scripting vulnerability exists in the apcupsdstatus.php file in Apcupsd version 0.3.915 in pfSense 2.4.4-RELEASE-p3 and earlier versions and other products. The...

Zimbra Collaboration Server Cross-Site Scripting Vulnerability

Zimbra Collaboration Server ZCS is a suite of email and collaboration solutions from Zimbra, USA. The solution provides email, contacts, calendaring, file sharing, social networking, and more. A cross-site scripting vulnerability exists in the admin console in version 8.x of Zimbra ZCS prior to...

PrestaShop cross-site scripting vulnerability (CNVD-2019-16479)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. A cross-site scripting vulnerability exists in the 'shopcountry' parameter of the...

Eventum Cross-Site Scripting Vulnerability

Eventum is a defect tracking system. The system is used to track inbound technical support, organizational tasks, bugs, etc. A cross-site scripting vulnerability exists in the /htdocs/postnote.php file in Eventum version 3.5.0. The vulnerability stems from a lack of proper validation of client-si...

EmpireCMS cross-site scripting vulnerability (CNVD-2019-16391)

EmpireCMS Empire Content Management System is an open source content management system CMS. A cross-site scripting vulnerability exists in EmpireCMS version 7.5.0, which can be exploited by an attacker to execute client-side code...

EmpireCMS Cross-Site Scripting Vulnerability

EmpireCMS Empire Content Management System is an open source content management system CMS. A cross-site scripting vulnerability exists in EmpireCMS version 7.5.0, which can be exploited by an attacker to execute client-side code...

Shave Cross-Site Scripting Vulnerability

Shave is a Javascript plugin that can truncate multiple lines of text according to the set number of pixels max-height. A cross-site scripting vulnerability exists in versions prior to Shave 2.5.3, which can be exploited by attackers to execute client-side code...

ProjectSend cross-site scripting vulnerability (CNVD-2019-36883)

ProjectSend formerly known as cFTP is a suite of self-hosted applications based on PHP and MySQL. A cross-site scripting vulnerability exists in the 'Name' field of the My Account page in versions prior to ProjectSend r1053. The vulnerability stems from the WEB application's lack of proper...

Quest Software KACE Systems Management Appliance Cross-Site Scripting Vulnerability

Quest Software KACE Systems Management Appliance is a systems management appliance from Quest Software, USA. It supports IT asset management, server management and monitoring, software license management and patch management. A cross-site scripting vulnerability exists in Quest Software KACE...

Zoho ManageEngine ServiceDesk Plus Cross-Site Scripting Vulnerability (CNVD-2019-15667)

ZOHO ManageEngine ServiceDesk Plus is a set of ITIL-based IT service management software ITSM from ZOHO. The software integrates incident management, problem management, asset management, IT project management, procurement and contract management and other functional modules. A cross-site scripti...

Applaud HCM Cross-Site Scripting Vulnerability

Applaud HCM is a human resource management application. A cross-site scripting vulnerability exists in Applaud HCM version 4.0.42+ that can be exploited by an attacker to execute client-side code...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2019-25043)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...