1007 matches found
VMware vRealize Automation Cross-Site Scripting Vulnerability (VMSA-2016-0003)
VMware vRealize Automation is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2016-5897
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Design/Logic Flaw
IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
CVE-2016-7966
Through a malicious URL that contained a quote character it was possible to inject HTML code in KMail's plaintext viewer. Due to the parser used on the URL it was not possible to include the equal sign (=) or a space into the injected HTML, which greatly reduces the available HTML functionality...
CVE-2016-4026
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can...
Cisco Unified Communications Manager Web Interface Cross-Site Scripting Vulnerability
A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. The vulnerability is due to...
iOS WebView Problem Allows Attackers to Initiate Phone Calls
iOS developers who have embedded Apple’s WebView into mobile apps need to be aware of an exploitable issue that could allow phone calls to a number of the attacker’s choosing. Researcher Collin Mulliner said the vulnerability is trivial to exploit, requiring at a minimum one line of HTML code. Th...
Design/Logic Flaw
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI...
CVE-2015-0787
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI...
CVE-2016-1592
XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI...
Debian DLA-673-1 : kdepimlibs security update
Roland Tapken discovered that insufficient input sanitizing in KMail's plain text viewer allowed attackers the injection of HTML code. This might open the way to the exploitation of other vulnerabilities in the HTML viewer code, which is disabled by default. For Debian 7 'Wheezy', these problems...
Debian DSA-3697-1 : kdepimlibs - security update
Roland Tapken discovered that insufficient input sanitising in KMail's plain text viewer allowed the injection of HTML code. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3697. The text...
DLA-673-1 kdepimlibs - security update
Bulletin has no description...
Debian Security Advisory DSA 3697-1 (kdepimlibs - security update)
Roland Tapken discovered that insufficient input sanitising in KMail OpenVAS Vulnerability Test $Id: deb3697.nasl 6608 2017-07-07 12:05:05Z cfischer $ Auto-generated from advisory DSA 3697-1 using nvtgen 1.0. Script version: 1.0. Author: Greenbone Networks. Copyright: Copyright (c) 2016 Greenbone...
DSA-3697-1 kdepimlibs - security update
Bulletin has no description...
XhP CMS 0.5.1 - Cross-Site Request Forgery Persistent Cross-Site Scripting
Exploit Title: XhP CMS 0.5.1 - Cross-Site Request Forgery to Persistent Cross-Site Scripting; Exploit Author: Ahsan Tahir; Date: 19-10-2016; Software Link: https://sourceforge.net/projects/xhp/ ; Vendor:...
OLX: Reflected XSS at m.olx.ph
INTRO: The m.olx.ph domain is vulnerable to reflected XSS through the search function. EXPLOITABILITY & PoC: The following URL contains an XSS vector, which causes an alert box to appear: https://m.olx.ph/all-results?q=:%27%3E%3Cimg%20src=/%20onerror=alert%28document.domain%29%3E or...
ZKTeco ZKAccess Security System 5.3.1 - Persistent Cross-Site Scripting
Exploit for jsp platform in category web applications. ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability. Vendor: ZKTeco Inc. | Xiamen ZKTeco Biometric Identification Technology Co., Ltd. Product web page: http://www.zkteco.com Affected version: 5.3.12252. Summary: ZKAccess Systems ar...