186 matches found
CVE-2017-1000239
InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, which allows an authenticated user to inject malicious client-side script that is executed in the browser of users who visit the manipulated site...
CVE-2017-3150
Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookies that could be accessible to client-side script...
CVE-2016-9834
An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...
InvoicePlane 1.4.10 File Upload / Cross Site Scripting Vulnerabilities
InvoicePlane version 1.4.10 suffers from cross site scripting and remote file upload vulnerabilities. title: Arbitrary File Upload & Stored XSS product: InvoicePlane vulnerable version: 1.4.10 fixed version: 1.5.2 CVE number: - impact: High homepage: https://invoiceplane.com/ found: 2017-04-10 by...
MS15-118: Description of the security update for the .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1: November 10, 2015
MS15-118: Description of the security update for the .NET Framework 4.5, 4.5.1, and 4.5.2 on Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows Server 2008 R2 SP1: November 10, 2015 View products that this article applies to. Summary This update resolves vulnerabilities in the...
MS15-118: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: November 10, 2015
MS15-118: Description of the security update for the .NET Framework 3.5 on Windows 8 and Windows Server 2012: November 10, 2015 View products that this article applies to. Summary This update resolves vulnerabilities in the Microsoft .NET Framework. The most severe of these vulnerabilities could...
MS15-118: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: November 10, 2015
MS15-118: Description of the security update for the .NET Framework 4.5.1 and 4.5.2 on Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2: November 10, 2015 View products that this article applies to. Summary This update resolves vulnerabilities in the Microsoft .NET Framework. The most seve...
MS15-118: Description of the security update for the .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1: November 10, 2015
MS15-118: Description of the security update for the .NET Framework 3.5.1 on Windows 7 SP1 and Windows Server 2008 R2 SP1: November 10, 2015 View products that this article applies to. Summary This update resolves vulnerabilities in the Microsoft .NET Framework. The most severe of these...
MDS API XSS Vulnerability
A cross-site scripting vulnerability exists in SQL Server MDS that could allow an attacker to inject a client-side script into the user's browser instance. The vulnerability is caused when the SQL Server MDS does not properly validate a request parameter on the SQL Server site. The script could...
MiniUPnP DNS Rebind Vulnerability
The remote host is running a version of MiniUPnP that is affected by an unspecified flaw that exists in the Domain Name System (DNS) related to the 'rebinding' interaction. An unauthenticated, remote attacker can exploit this, by convincing a user to visit a specially crafted web page, to run a...
Microsoft System Center Operations Manager Cross-Site Scripting Vulnerability
Microsoft System Center Operations Manager is a Microsoft architecture for effective monitoring and management of IT environments, providing views of operational status, performance information, and generating alerts based on availability, performance, configuration, or security conditions. A...
WordPress Syndication Links Plugin <= 1.0.2 - Cross Site Scripting
This plugin is prone to a DOM cross site scripting vulnerability. This attack is executed as a result of modifying the DOM in the victim’s browser used by the original client side script. Solution Update the plugin...
Zenoss Monitoring System 4.2.5-2108 64bit - Stored XSS
No description provided by source. Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system Date: 12/05/2014 Exploit author: Dolev Farhi dolevatopenflare.org Vendor homepage: http://zenoss.com Software Link: http://www.zenoss.com Version: Core 4.2.5-2108 64bit Tested o...
Zenoss Monitoring System 4.2.5-2108 64bit - Stored XSS Vulnerability
Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote attackers to inject arbitrary web script or HTML via the title of a device. Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system Date: 12/05/2014 Exploit author: Dolev Farhi dolevatopenflare.org...
Zenoss Monitoring System 4.2.5-2108 (x64) - Persistent Cross-Site Scripting
Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system Date: 12/05/2014 Exploit author: Dolev Farhi dolevatopenflare.org Vendor homepage: http://zenoss.com Software Link: http://www.zenoss.com Version: Core 4.2.5-2108 64bit Tested on: Kali Linux Vendor alerted:...
Zenoss Monitoring System 4.2.5-2108 Cross Site Scripting
Exploit Title: Stored XSS vulnerability in Zenoss core open source monitoring system Date: 12/05/2014 Exploit author: Dolev Farhi dolevatopenflare.org Vendor homepage: http://zenoss.com Software Link: http://www.zenoss.com Version: Core 4.2.5-2108 64bit Tested on: Kali Linux Vendor alerted:...
Spyce 2.1.3 spyce/examples/getpost.spy Name Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the...