65 matches found
Aruba ClearPass Policy Manager 跨站脚本漏洞
Aruba ClearPass Policy Manager is an application of the U.S. company Aruba to provide wireless network security access management system Aruba ClearPass Policy Manager has a cross-site scripting vulnerability, an attacker can use the vulnerability to execute JavaScript code on the client side...
MediaWiki 跨站脚本漏洞
MediaWiki is a web-based wiki engine from the MediaWiki Foundation in the United States. The product can be used to deploy internal knowledge management and content management systems.A cross-site scripting vulnerability exists in versions of MediaWiki prior to 2022-04-29, which stems from an RSS...
FUEL CMS 跨站脚本漏洞
FUEL CMS is a content management system CMS based on the Codelgniter framework. version 1.5.1 of FUEL CMS suffers from a cross-site scripting vulnerability, which stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit the vulnerability to...
DouCo DouPHP 跨站脚本漏洞
DouPHP is a lightweight enterprise content management system CMS from China DouShell Network Technology, Inc. A cross-site scripting vulnerability exists in DouPHP, which stems from a lack of data validation filtering of user-supplied and output data in /admin/cloud.php. An attacker could exploit...
The vulnerability of the virtual learning environment Moodle, related to the lack of protection for the website structure, allows a hacker to execute arbitrary HTML code and script code in the user’s browser within the context of the vulnerable website.
The vulnerability of the virtual learning environment Moodle is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to execute arbitrary HTML code and script code in the user’s browser, within the context of the...
Cross-site Scripting (XSS)
Overview docsify is a magical documentation site generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS. Docsify.js uses fragment identifiers parameters after sign to load resources from server-side .md files. Due to lack of validation here, it is possible to...
Security Bulletin: Log Analysis is vulnerable to a client side scripting attack due to missing HTTPOnly and Secure attribute in the cookie
Summary A remote attacker is able to obtain sensitive information cause by the failure to set the HttpOnly and Secure attribute in the cookie. This allow attacker to intercept the transmission and obtain information from the cookie in clear text Vulnerability Details CVEID: CVE-2019-4214...
Limesurvey Information Disclosure Vulnerability (CNVD-2019-31189)
LimeSurvey formerly known as PHPSurveyor is a set of open source online questionnaire survey program from the LimeSurvey team, which supports survey program development, questionnaire distribution, and data collection. A security vulnerability exists in Limesurvey versions prior to 3.17.14. An...
eZ Platform Admin UI Cross-Site Scripting Vulnerability
eZ Platform is an open source enterprise content management system CMS. admin UI is one of the back-end management interface . A cross-site scripting vulnerability exists in the Admin UI in eZ Platform version 2.x, which can be exploited by an attacker to execute client-side code...
Barracuda Cloud ESS 2.x - Multiple XSS Web Vulnerabilities
Document Title: =============== Barracuda Cloud ESS 2.x - Multiple XSS Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=742 Barracuda Networks Security ID: BNSEC-671 Release Date: ============= 2018-07-22 Vulnerability Laboratory ID...
Security Bulletin: IBM QRadar SIEM is vulnerable to a client side scripting attack due to a missing HTTPOnly flag on a cookie. (CVE-2015-1994)
Summary One of the cookies used for user authorization is missing the HTTPOnly Attribute which allows attackers leveraging a Cross-Site Scripting vulnerability to obtain the cookie value and then perform a session hijacking attack. Vulnerability Details CVE-ID: CVE-2015-1994 Description: IBM QRad...
CVE-2018-11090
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
Cross site scripting
An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
CVE-2017-1000236
I, Librarian version =4.6 & 4.7 is vulnerable to Reflected Cross-Site Scripting in the temp.php resulting in an attacker being able to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site...
I_ Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting
I Librarian 4.64.7 - Command Injection Server Side Request Forgery Directory Enumeration Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager...
I, Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: I, Librarian PDF manager vulnerable version: =4.6 & 4.7 fixed version: 4.8 CVE number: - impact: Critical homepage:...
WP Good News Themes Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability exists in Wordpress Good News Themes, which can be exploited by remote attackers to inject client-side scripting code...
Websense Data Security Cross Site Scripting
------------------------------------------------------------------------ Cross-Site Scripting vulnerability in Websense Data Security block page ------------------------------------------------------------------------ Han Sahin, September 2014...
JQuery 1.4.2 Cross Site Scripting
XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side From: Mauro Risonho de Paula Assumpção Date: 02.09.2014 13:21:20 -0300 VSLA Security Advisory FIRE-XSS-Reflected-Jquery 1.4.2 2014-001: XSS Reflected JQuery 1.4.2 LEVEL: MEDIUM In our tests authorized by the customer, we can...
Agora.CGI 3.x/4.0 Debug Mode Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not...