EUVD-2014-0075

Malware in sbrugna...

PT-2024-33148 · Unknown · Proactive Risk Manager

Name of the Vulnerable Software and Affected Versions: Proactive Risk Manager version 9.1.1.0 Description: The issue concerns multiple Cross-Site Scripting XSS vulnerabilities. These vulnerabilities are found in the add/edit form fields, specifically at URLs starting with the subpaths:...

Plone Unrestricted Filed Manipulation vulnerability via content edit forms

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via 1 global parameters, 2 smart class parameters, or 3 smart variables in the a host or b hostgroup edit forms...

CVE-2013-4193

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL...

PYSEC-2014-57

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL...

PYSEC-2014-57

typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL...

CVE-2008-1131

Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...

CVE-2008-1131

Cross-site scripting XSS vulnerability in Drupal 6.0 allows remote authenticated users to inject arbitrary web script or HTML via titles in content edit forms...

SA-2008-018 - Drupal core - Cross site scripting

Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages. The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character,...