EUVD-2008-6030

Malware in sbrugna...

angular-fusioncharts (=4.1.0), dpv-angular (>=0.0.17 <=0.0.41) +3 more potentially affected by unknown CVE via @ctrl/ngx-codemirror (=7.0.0)

@ctrl/ngx-codemirror NPM version =7.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @ctrl/ngx-codemirror and may be impacted: - angular-fusioncharts =4.1.0 - dpv-angular =0.0.17, =0.0.1, =0.0.1, =1.0.1 Source cves: unknown CVE Source advisory:...

testing.dpsk12.org XSS vulnerability

Vulnerable URL: http://testing.dpsk12.org/fusioncharts/spf/default.asp?chart=1"...

eautoclub.com XSS vulnerability

Vulnerable URL: https://www.eautoclub.com/Support/swift/thirdparty/FusionCharts/Charts/ScrollLine2D.swf?%domid=%22%29%29catch%28e%29;alert%28%27OPENBUGBOUNTY%27%29//=1 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability...

mavensocial.com XSS vulnerability

Vulnerable URL: http://www.mavensocial.com/support/swift/thirdparty/FusionCharts/Charts/ScrollLine2D.swf?%domid=%22%29%29catch%28e%29;alert%28%27OPENBUGBOUNTY%27%29//=1 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability...

wiki.usaepay.com XSS vulnerability

Vulnerable URL: https://wiki.usaepay.com/tickets/swift/thirdparty/FusionCharts/Charts/ScrollLine2D.swf?%domid=%22%29%29catch%28e%29;alert%28%27OPENBUGBOUNTY%27%29//=1 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability...

InfoSoft FusionCharts 3 SWF Flash File Remote Code Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27109/info InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious script cod...

Cross site scripting

Cross-site scripting XSS vulnerability in ActionScript in arbitrary Shockwave Flash SWF files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter...

CVE-2008-6060

Cross-site scripting XSS vulnerability in ActionScript in arbitrary Shockwave Flash SWF files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter...

CVE-2008-6060

CVE-2008-6060 describes a Cross-site Scripting (XSS) vulnerability in ActionScript within arbitrary Shockwave Flash (SWF) files generated by InfoSoft FusionCharts. The root cause is an injection vector via a URL in the SRC attribute of an IMG element in the dataURL parameter, enabling remote atta...

CVE-2008-6060

Cross-site scripting XSS vulnerability in ActionScript in arbitrary Shockwave Flash SWF files created by InfoSoft FusionCharts allows remote attackers to inject arbitrary additional SWF content via a URL in the SRC attribute of an IMG element in the dataURL parameter...

XSS Vulnerabilities in Common Shockwave Flash Files

Hi. Recently, there has been news regarding Flash authoring tools and XSS, but the articles contained little technical information. So, I created a detailed report at: http://docs.google.com/Doc?docid=ajfxntc4dmsq14dt57ssdw An abbreviated version intended for full-disclosure, bugtraq, and...

InfoSoft FusionCharts 3 - &#039;.swf&#039; Flash File Remote Code Execution

source: https://www.securityfocus.com/bid/27109/info InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute malicious script code in the context of the webserver...

InfoSoft FusionCharts 3 - .swf Flash File Remote Code Execution

InfoSoft FusionCharts 3 - .swf Flash File Remote Code Execution source: https://www.securityfocus.com/bid/27109/info InfoSoft FusionCharts is prone to a remote code-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue t...