IBM WebSphere Portal XSS Vulnerability
IBM WebSphere Portal is prone to a cross-site scripting vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Fortinet FortiAnalyzer and FortiManager 'Filenames' HTML Injection Vulnerability
Fortinet FortiManager is a centralized network security management solution; Fortinet FortiAnalyzer is a centralized network security reporting solution. An HTML injection vulnerability exists in FortiAnalyzer and FortiManager 'Filenames' that could be exploited by an attacker to steal cookie-bas...
IBM Cúram Social Program Management Cross-Site Scripting Vulnerability
IBM Cúram Social Program Management is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A cross-site scripting vulnerability exists in IBM Cúram Social Program Management that could be exploited by an attacker to...
HTML Injection Vulnerability in Multiple Pivotal Products
Pivotal Cloud Foundry is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. Pivotal Elastic Runtime is one of Pivotal Cloud Foundry's runtime environments. UAA User...
Accela Civic Platform Citizen Access portal cross-site scripting vulnerability
Accela Civic Platform Citizen Access portal is a web portal for citizens and government to connect and interact. Cross-site scripting vulnerabilities exist in the Accela Civic Platform Citizen Access portal. These vulnerabilities can be exploited by an attacker to steal cookie-based authenticatio...
A vulnerability in WebSphere Application Server application servers allows attackers to gain access to protected information
The vulnerability in WebSphere Application Server applications stems from the absence of the HttpOnly flag in the Set-Cookie header. Exploiting this vulnerability allows a malicious actor to gain access to protected information through a cookie-based access scenario...
Microsoft Edge and Internet Explorer XSS Filter CVE-2016-3273 Information Disclosure Vulnerability
Description: Microsoft Edge and Internet Explorer are prone to an information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute...
SQL Blind Injection Vulnerability in zzcms
ZZCMS emphasizes investment and supply-and-demand functions and can be used to quickly build a product investment website. A SQL injection vulnerability (cookie and time-based blind injection) exists in zzcms product/project version. The vulnerability trigger point is in downfile.php, the attacker can use...
NodeBB < 0.7.3 XSS Vulnerability - Active Check
NodeBB is prone to a reflected cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later CPE =...
LocalTapiola: Cookie-based client-side denial-of-service to all of the Lähitapiola domains
Cookie-based client-side denial-of-service to all of the Lähitapiola domains Time of detection: 23.2.2016 03:00-04:00 Affected URL: https://www.lahitapiola.fi/cs/Satellite?pagename=LahiTapiola/LTStatus&cookieName=selectedArea&cookieValue=1&backurl=http://www.lahitapiola.fi Description: After the...
Multiple Cross-Site Scripting Vulnerabilities in TheHostingTool
TheHostingTool is a set of open source free PHP-based hosting applications. TheHostingTool suffers from multiple cross-site scripting vulnerabilities. An attacker can exploit the vulnerabilities to steal cookie-based authentication...
Microsoft Internet Explorer XSS Filter CVE-2015-6144 Security Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script...
Matt Wright FormMail Multiple cross-site scripting (XSS) vulnerabilities (CVE-2009-1776; CVE-2009-1777)
FormMail is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user, steal...
PHPInfo Large Input Cross-Site Scripting (CVE-2006-0996)
PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site...
Drupal Camtasia Relay Module Cross-Site Scripting Vulnerability
Drupal is an open source content management framework written in the PHP language. A cross-site scripting vulnerability exists in the Drupal Camtasia Relay Module, which can be exploited by an attacker to execute arbitrary script code in a browser to steal cookie-based authentication credentials...
EFM Networks ipTIME HTML Injection Vulnerability
EFM Networks ipTIME is the ipTIME series of routers, access points (WiFi), modems and firewalls from EFM Networks in Korea. An HTML injection vulnerability exists in EFM Networks ipTIME n104r3 version. A remote attacker can exploit this vulnerability to execute arbitrary script or HTML code in a...
Amazon App Store Cross-Site Scripting Vulnerability
The Amazon App Store is a set of application stores from Amazon.com, Inc. in the United States. A cross-site scripting vulnerability exists in Amazon App Store. An attacker can exploit the vulnerability to execute arbitrary script code in the browser of a trusted user in the context of the affect...
Reflected cross-site scripting (XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel (Build 6270)
Title: Reflected cross-site scripting (XSS) Vulnerability in Manage Engine AD Audit Manager Plus Admin Panel (Build 6270) Author: Harish Ramadoss - Help AG Middle East Vendor: ZOHO Corp Product: Manage Engine AD Audit Manager Plus Version: All versions below Build 6270 are mostly affected Tested...
Apache Axis2 < 1.5.2 'engagingglobally' XSS Vulnerability
Apache Axis2 is prone to a cross-site scripting (XSS) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2015 SCHUTZWERK GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...