3 matches found
CVE-2015-5460
Cross-site scripting XSS vulnerability in app/views/events/menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title cls.name variable when creating a classification...
CVE-2015-5460
Snorby 2.6.2 is affected by an HTML/XSS vulnerability in the server-side template app/views/events/_menu.html.erb. The issue allows remote attackers to inject arbitrary HTML/script via the title (cls.name) field when creating a classification, due to insufficient input handling. The vulnerability...
CVE-2015-5460
Cross-site scripting XSS vulnerability in app/views/events/menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title cls.name variable when creating a classification...