CVE-2017-6908

An issue was discovered in concrete5 = 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data fID passed to the "concrete5-legacy-master/web/concrete/tools/files/selectordata.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

CVE-2017-6908

An issue was discovered in concrete5 = 5.6.3.4. The vulnerability exists due to insufficient filtration of user-supplied data fID passed to the "concrete5-legacy-master/web/concrete/tools/files/selectordata.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

Cross site scripting

A Cross-Site Scripting XSS issue was discovered in webpagetest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data pssid passed to the webpagetest-master/www/pss.php URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the...

Cross site scripting

Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, time passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in...

CVE-2017-6541

Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, time passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker could execute arbitrary HTML and script code in...

CVE-2017-6535

Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, url passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in ...

Cross site scripting

Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, url passed to the webpagetest-master/www/benchmarks/trendurl.php URL. An attacker could execute arbitrary HTML and script code in ...

CVE-2017-6539

Multiple Cross-Site Scripting XSS issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data benchmark, time passed to the webpagetest-master/www/benchmarks/delta.php URL. An attacker could execute arbitrary HTML and script code in a...

seacms search.php code execution vulnerability

function parseIf$content if strpos$content,'if:'=== false return $content; else $labelRule = buildregx"if:.? .? end if","is"; $labelRule2="elseif"; $labelRule3="else"; pregmatchall$labelRule,$content,$iar; $arlen=count$iar0; $elseIfFlag=false; for$m=0;$mparseStrIf$strIf; $strThen=$iar2$m;...

CVE-2017-6485

A Cross-Site Scripting XSS issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data errorMsg passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

CVE-2017-6484

Multiple Cross-Site Scripting XSS issues were discovered in INTER-Mediator 5.5. The vulnerabilities exist due to insufficient filtration of user-supplied data c and cred passed to the "INTER-Mediator-master/AuthSupport/PasswordReset/resetpassword.php" URL. An attacker could execute arbitrary HTML...

Cross site scripting

Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data tooltipid, callback, args, cid passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and scrip...

CVE-2017-6491

Multiple Cross-Site Scripting XSS issues were discovered in EPESI 1.8.1.1. The vulnerabilities exist due to insufficient filtration of user-supplied data tooltipid, callback, args, cid passed to the EPESI-master/modules/Utils/Tooltip/req.php URL. An attacker could execute arbitrary HTML and scrip...

Authorization

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

Authorization

An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several -sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

CVE-2017-6396

An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...

CVE-2017-6391

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

CVE-2017-6390

CVE-2017-6390 impacts whatanime.ga due to insufficient filtration of user-supplied data passed to the the path “whatanime.ga-master/index.php”. The connected CNVD entry describes a cross-site scripting vulnerability where an attacker can cause arbitrary HTML/JavaScript to execute in a browser con...

Cross-site Scripting (XSS)

zaproxy is vulnerable to cross-site scripting XSS attacks. The vulnerability exists as zaproxy does not properly sanitize the Alert IconUrl, allowing arbitrary HTML code to be injected...

memcache-viewer Cross Site Scripting

Exploit Title: memcache-viewer - Stored XSS Date: 2017-02-24 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/chrisjameskirkham/memcache-viewer Software Link: https://github.com/chrisjameskirkham/memcache-viewer/archive/master.zip Version: Latest comm...