Security Bulletin: Rational Asset Analyzer (RAA) is affected by a WebSphere Application Server vulnerability
Summary: Asset Analyzer (RAA) has addressed the following vulnerability. IBM WebSphere Application Server was affected by a cross-site scripting vulnerability. Vulnerability Details: CVEID: CVE-2019-17573. DESCRIPTION: Apache CXF is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Automattic: No Rate Limit when accessing "Password protection" enabled surveys leads to bypassing passwords via "pd-pass_surveyid" cookie
Summary: Hi team, if you write the right password on any password-protected survey, you will see this request: F878934. This request is protected with a rate limit, that's great. But if you look at the response, you will see a cookie. The password protection feature is a cookie-based system. In my survey...
CVE-2020-4082
The HCL Connections 5.5 help system is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting...
CVE-2019-19134
The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to inject HTML or arbitrary JavaScript within the browser of ...
CVE-2019-19661
A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp...
Cross site scripting
A Cookie based reflected XSS exists in the Web File Manager of Rumpus FTP Server 8.2.9.1, related to RumpusLoginUserName and snp...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability (CNVD-2020-04517)
Cisco Identity Services Engine (ISE) is an identity-based environment-awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A cross-site scripting...
WordPress Resim ara 1.0 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Resim ara 1.0. Resim ara is prone to a reflected cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
Open-Xchange AppSuite Multiple Security Vulnerabilities
Description: Open-Xchange AppSuite is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected application. This may let the attacker steal cookie-based authentication...
DEBIAN-CVE-2019-14466
The GOsaFilterSettings cookie in GONICUS GOsa 2.7.5.2 is vulnerable to PHP object injection, which allows a remote authenticated attacker to perform file deletions in the context of the user account that runs the web server via a crafted cookie value, because unserialize is used to restore...
Multiple Siemens EN100 Ethernet Modules SSA-418979 Multiple Security Vulnerabilities
Description: Multiple Siemens EN100 Ethernet Modules are prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary code, using directory-traversal sequences '../' to retrieve sensitive information and execute arbitrary script code in the browser of an...
Atlassian FishEye and Crucible CVE-2019-15008 Cross Site Scripting Vulnerability
Description: Atlassian FishEye and Crucible are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based...
Razer: Cookie based XSS on http://ftp1.thx.com
The ftp1.thx.com server, typically only used by THX employees and vendors, was subject to a minor XSS vulnerability. Razer thanks the tester for his diligence and clear report...
Security Bulletin: IBM TRIRIGA Application platform is vulnerable to a cross-site scripting attack. (CVE-2016-2883)
Summary: IBM TRIRIGA Application Platform is vulnerable to cross-site scripting that could be used to steal cookie-based authentication credentials. Vulnerability Details: CVEID: CVE-2016-2883. DESCRIPTION: IBM TRIRIGA is vulnerable to cross-site scripting, caused by improper validation of...
IBM Case Manager CVE-2019-4426 Cross Site Scripting Vulnerability
Description: IBM Case Manager is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Moodle CVE-2019-14881 Cross Site Scripting Vulnerability
Description: Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attack...
PT-2019-4283 · Apache +1 · Apache Shiro +1
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.4.2. Description: The issue is related to the use of the default "remember me" configuration in Apache Shiro, which can make cookies susceptible to a padding attack. This could allow a remote attacker to impact...
WordPress Prior to 5.2.4 Multiple Security Vulnerabilities
Description: WordPress is prone to multiple security vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and...