6036 matches found
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
Cross site scripting
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
DEBIAN-CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
UBUNTU-CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
CVE-2017-16907
In Horde Groupware, CVE-2017-16907 is a documented XSS in the Color field of a Create Task List action affecting Horde Groupware 5.2.19 and 5.2.21. Debian LTS advisories report fixes in php-horde-core (2.27.6+debian1-2+deb9u1) and php-horde (5.2.13+debian0-1+deb9u3) for Debian 9 stretch, indicati...
CVE-2017-16907
In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...
NethServer 7.3.1611 (create.json) CSRF Create User And Enable SSH Access
Description The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Vendor...
TinyWebGallery Add/Create Module Cross-Site Scripting Vulnerability
TinyWebGallery TWG is a software developer Michael Dempfle developed a set of open source album based on Ajax, PHP and XML , it provides text and image watermarking , slide show , image uploading and management features such as Add/Create module is one of the Add/Create module. A cross-site...
Zurmo Cross-Site Scripting Vulnerability
Zurmo is the United States Zurmo company's set of open source PHP-based customer relationship management system CRM. A cross-site scripting vulnerability exists in Zurmo version 3.2.1.57987acc3018. A remote attacker can exploit this vulnerability by sending a 'redirectUrl' parameter with a data:...
CVE-2017-16635
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
CVE-2017-16635
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
CVE-2017-16635
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
Cross site scripting
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
CVE-2017-16635
TinyWebGallery v2.4 is affected by a Cross-Site Scripting (XSS) vulnerability in the Add/Create module. The issue resides in the mkname, mkitem, and item parameters, allowing remote attackers with low-privilege backend access to inject script code into the TWG Explorer item listing. The attack us...
CVE-2017-15039
Cross-site scripting XSS exists in Zurmo 3.2.1.57987acc3018 via a data: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...
CVE-2017-16569
An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an http: URL in the redirectUrl parameter to app/index.php/meetings/default/createMeeting...
CVE-2017-15965
The NS Download Shop aka comnsdownloadshop component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action...
CVE-2017-15936
In Artica Pandora FMS version 7.0, an Attacker with write Permission can create an agent with an XSS Payload; when a user enters the agent definitions page, the script will get executed...