16 matches found
EUVD-2016-5831
Malware in sbrugna...
EUVD-2016-5855
Malware in sbrugna...
CVE-2016-4849
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3)...
CVE-2016-4849
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3)...
CVE-2016-4849
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE edition 2.1.1 allow remote attackers to inject arbitrary web script or HTML by leveraging use of the COM_getCurrentURL function in (1) public_html/layout/default/header.thtml, (2) public_html/layout/bento/header.thtml, (3)...
CVE-2016-4849
CVE-2016-4849 concerns Geeklog IVYWE edition 2.1.1. The vulnerability is a set of cross-site scripting flaws that can be triggered via the COM_getCurrentURL function used in four layout template files (public_html/layout/default/header.thtml, layout/bento/header.thtml, layout/fotos/header.thtml, ...
CVE-2016-4875
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4875
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-4875
CVE-2016-4875 describes cross-site scripting (CWE-79) vulnerabilities in Geeklog IVYWE edition plugins: Assist (before 1.1.2.test20160906), dataBox (before 0.0.0.20160906), and userBox (before 0.0.0.20160906). The root cause is untrusted input that can be injected into administrator-facing contex...
CVE-2016-4875
Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) Assist plugin before 1.1.2.test20160906, (2) dataBox plugin before 0.0.0.20160906, and (3) userBox plugin before 0.0.0.20160906 for Geeklog allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting
Overview: Geeklog is an open source content management system (CMS). The Geeklog IVYWE edition plugins Assist, dataBox, and userBox each contain a cross-site scripting (CWE-79) vulnerability. IVY WE CO.,LTD. reported this vulnerability to IPA and JPCERT/CC to notify users of its solution through JVN...
Multiple Cross-Site Scripting Vulnerabilities in Geeklog IVYWE
Geeklog is an open source content management system (CMS). Multiple cross-site scripting vulnerabilities exist in Geeklog IVYWE. Because the program fails to properly handle user-supplied input, an attacker could exploit the vulnerabilities to execute arbitrary script code in a trusted user's...
Geeklog IVYWE edition contains a cross-site scripting vulnerability
Overview: Geeklog is an open source content management system (CMS). Geeklog IVYWE edition contains a cross-site scripting (CWE-79) vulnerability. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
JVN#09836883: Geeklog IVYWE edition contains a cross-site scripting vulnerability
Geeklog is an open source content management system (CMS). Geeklog IVYWE edition contains a cross-site scripting (CWE-79) vulnerability. Impact: An arbitrary script may be executed on the user's web browser. Solution: Apply the patch. Apply the appropriate patch according to the information provided by...