Cross site scripting

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a pag...

CVE-2018-10371

An issue was discovered in the wunderfarm WF Cookie Consent plugin 1.1.3 for WordPress. A persistent cross-site scripting vulnerability has been identified in the web interface of the plugin that allows the execution of arbitrary HTML/script code to be executed in a victim's web browser via a pag...

CVE-2018-8831

A Persistent XSS vulnerability exists in Kodi formerly XBMC through 17.6 that allows the execution of arbitrary HTML/script code in the context of the victim user's browser via a playlist...

XSS in Error Page - ownCloud

A Attacker can inject HTML script code into a error message Affected Software ownCloud Server 10.0.2 CVE-2017-8896 ownCloud Server 9.1.6 CVE-2017-8896 ownCloud Server 9.0.10 CVE-2017-8896 ownCloud Server 8.2.12 CVE-2017-8896 Action Taken Escape output Acknowledgements The ownCloud team thanks the...

CVE-2017-6486

A Cross-Site Scripting XSS issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data nyroModalSel passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a...

Pandora FMS 5.1SP1 Cross Site Scripting Vulnerability

Pandora FMS version 5.1SP1 suffers from a cross site scripting vulnerability. I. VULNERABILITY ------------------------- XSS Reflected in Page visualization agents in Pandora FMS v5.1SP1 - Revisión PC141031 II. BACKGROUND Pandora FMS is the monitoring software chosen by several companies all...

WordPress Social Connect Plugin <= 1.0.4 XSS Vulnerability - Active Check

WordPress Social Connect Plugin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Intel Graphics Accelerator Driver Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16127/info The Intel Graphics Accelerator driver is susceptible to a remote denial of service vulnerability. This issue is demonstrated to occur when the affected driver attempts to display an overly long text in a text...

Oracle Demantra 12.2.1 - Stored XSS Vulnerability

Exploit for windows platform in category web applications Details: The TaskSender area is vulnerable to a stored cross-site scripting vulnerability. Impact: An attacker could exploit this flaw to get active HTML or script code executed in an authenticated user’s browser. Cross-site Scripting may ...

[ISecAuditors Security Advisories] Multiple XSS vulnerabilities in &quot;Project&#39;Or RIA&quot;

============================================= INTERNET SECURITY AUDITORS ALERT 2013-018 - Original release date: July 26th, 2013 - Last revised: July 26th, 2013 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored - CVE-ID: CVE-2013-6163...

Debian Security Advisory DSA 2651-1 (smokeping - cross-site scripting vulnerability)

A cross-site scripting vulnerability was discovered in smokeping, a latency logging and graphing system. Input passed to the displaymode parameter was not properly sanitized. An attacker could use this flaw to execute arbitrary HTML and script code in a user's browser session in the context of an...

[ISecAuditors Security Advisories] Reflected XSS in Atmail WebMail &lt; v6.2.0

============================================= INTERNET SECURITY AUDITORS ALERT 2010-009 - Original release date: August 30th, 2010 - Last revised: September 21st, 2010 - Discovered by: Vicente Aguilera Diaz - Severity: 4.3/10 CVSSv2 Base Scored ============================================= I...

Gadu-Gadu several vulnerabilities

Product: Gadu-Gadu, most of all available versions including the latest one Vendor: SMS-EXPRESS.COM http://www.gadu-gadu.pl Impact: Several vulnerabilities within application allow for remote execution of arbitrary code and information stealing Severity: Critical Authors: Blazej Miga...

AzDGDatingLite 2.1.1 - &#039;index.php?language&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/10084/info Multiple cross-site scripting vulnerabilities have been reported in AzDGDatingLite. These issues may be exploited by enticing a victim user to visit a malicious link that includes hostile HTML and script code. Exploitation could facilitate thef...

WebCortex WebStores2000 - &#039;error.asp&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/9693/info It has been reported that WebStores2000 is prone to a cross-site scripting vulnerability. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site scripting attacks...

OpenAutoClassifieds 1.0 - Listing Cross-Site Scripting

OpenAutoClassifieds 1.0 - Listing Cross-Site Scripting source: https://www.securityfocus.com/bid/8972/info It has been reported that OpenAutoClassifieds is prone to a cross-site scripting vulnerability. The issue is reported to exist due insufficient sanitization of user-supplied data through the...

WebCalendar 0.9.x colors.php color XSS

WebCalendar 0.9.x colors.php color XSS. Webapps exploit for php platform source: http://www.securityfocus.com/bid/8539/info It has been reported that WebCalendar is prone to multiple cross-site scripting vulnerabilites in various modules. The issues exist in includes/js/colors.php, week.php,...

PHP Classifieds 6.0.5 - Cross-Site Scripting

PHP Classifieds 6.0.5 - Cross-Site Scripting source: https://www.securityfocus.com/bid/5022/info PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is...

Microsoft Internet Explorer 5.5 ASCII equivalent of &quot;&#37;01&quot; security vulnerability....

The following security vulnerability has been found in Microsoft Internet Explorer version 5.5 When "
" an undisplayable character, which is eaqual to the 1st caharacter in ASCII table - after the 0th... inserted in some strategic position in Javascript code ,it is possible to access to local fil...