
78 matches found

NVD
added 2018/08/29 8:29 p.m. | 11 views

CVE-2018-7795

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...

6.1 CVSS | 6.3 AI score | 0.00311 EPSS
Exploits: 0 | References: 3

Prion
added 2018/08/29 8:29 p.m. | 15 views

Cross site scripting

A Cross Protocol Injection vulnerability exists in Schneider Electric's PowerLogic PM5560 prior to FW version 2.5.4 product. The vulnerability makes the product susceptible to cross site scripting attack on its web browser. User inputs can be manipulated to cause execution of java script code...

4.3 CVSS | 6.3 AI score | 0.00311 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/12/20 8:29 p.m. | 10 views

CVE-2017-17745

Cross-site scripting XSS vulnerability in systemnameset.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter...

5.4 CVSS | 5.3 AI score | 0.00157 EPSS
Exploits: 3 | References: 1

Prion
added 2017/12/20 8:29 p.m. | 13 views

Cross site scripting

Cross-site scripting XSS vulnerability in systemnameset.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter...

3.5 CVSS | 5.3 AI score | 0.00157 EPSS
Exploits: 3 | References: 1 | Affected Software: 1

Cvelist
added 2017/12/20 8:0 p.m. | 15 views

CVE-2017-17745

Cross-site scripting XSS vulnerability in systemnameset.cgi in TP-Link TL-SG108E 1.0.0 allows authenticated remote attackers to submit arbitrary java script via the 'sysName' parameter...

5.3 AI score | 0.00157 EPSS
Exploits: 3 | References: 1

Cisco Threats
added 2017/12/18 6:31 p.m. | 10 views

Threat Outbreak Alert RuleID31558: Email Messages Distributing Malicious Software on December 18, 2017

Medium Alert ID: 56286 First Published: 2017 December 18 18:31 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID31558 may contain the following files: Name |...

0.4 AI score
Exploits: 0

Palo Alto Networks
added 2017/08/30 11:0 p.m. | 526 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in PAN-OS’s GlobalProtect internal and external gateway interface. This issue could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-76003 / CVE-2017-12416 Successful exploitation of this issue may allow an...

3.1 AI score | 0.0059 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Kaspersky
added 2017/08/17 12:0 a.m. | 354 views

KLA11093 Arbitrary code execution vulnerabilities in Foxit Reader

Multiple serious vulnerabilities have been found in Foxit Reader and Foxit PhantomPDF. Malicious users can exploit these vulnerabilities to execute arbitrary code. Below is a complete list of vulnerabilities: 1. An improper validation of user-supplied data in the saveAs Java script function can b...

8.8 CVSS | 9.5 AI score | 0.1651 EPSS
Exploits: 2 | References: 6

OpenVAS
added 2017/07/21 12:0 a.m. | 22 views

Palo Alto PAN-OS Cross-Site Scripting Vulnerability

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.1 CVSS | 6.4 AI score | 0.0059 EPSS
Exploits: 0 | References: 1

Palo Alto Networks
added 2017/07/20 8:10 p.m. | 520 views

Cross-Site Scripting in PAN-OS

A vulnerability exists in the PAN-OS GlobalProtect external interface that could allow for a cross-site scripting XSS attack. PAN-OS does not properly validate specific request parameters. Ref PAN-77294 / CVE-2017-9467 Successful exploitation of this issue may allow an attacker to inject arbitrar...

3.1 AI score | 0.0059 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Palo Alto Networks
added 2017/07/20 8:10 p.m. | 510 views

Cross-Site Scripting in the Management Web Interface

A reflected cross-site scripting XSS vulnerability exists in the management web interface. PAN-OS contains an unauthenticated vulnerability that may allow for a reflected cross-site scripting XSS attack of the management web interface. ref PAN-76455 / CVE-2017-9459. Successful exploitation of thi...

1.6 AI score | 0.0059 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2017/05/25 5:29 p.m. | 11 views

Design/Logic Flaw

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in eith...

4.3 CVSS | 6.2 AI score | 0.00266 EPSS
Exploits: 0 | References: 1 | Affected Software: 4

Cvelist
added 2017/05/25 5:0 p.m. | 12 views

CVE-2016-0781

The UAA OAuth approval pages in Cloud Foundry v208 to v231, Login-server v1.6 to v1.14, UAA v2.0.0 to v2.7.4.1, UAA v3.0.0 to v3.2.0, UAA-Release v2 to v7 and Pivotal Elastic Runtime 1.6.x versions prior to 1.6.20 are vulnerable to an XSS attack by specifying malicious java script content in eith...

6 AI score | 0.00266 EPSS
Exploits: 0 | References: 1

Exploit DB
added 2017/04/25 12:0 a.m. | 92 views

HPE OpenCall Media Platform (OCMP) 4.3.2 - Cross-Site Scripting / Remote File Inclusion

Source: https://blogs.securiteam.com/index.php/archives/3087 SSD Advisory – HPE OpenCall Media Platform OCMP Multiple Vulnerabilities Want to get paid for a vulnerability similar to this one? Contact us at: [email protected] Vulnerabilities Summary The following advisory describes Reflected...

7 AI score
Exploits: 0

Palo Alto Networks
added 2017/02/21 7:31 p.m. | 583 views

Cross-Site Scripting in the Management Web Interface

A persistent cross-site scripting XSS vulnerability exists in the management web interface ref PAN-66838 / CVE-2017-5584. PAN-OS contains a post-authentication vulnerability that may allow for a persistent cross-site scripting XSS attack of the management web interface. Successful exploitation of...

2.5 AI score | 0.00195 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2017/01/20 12:0 a.m. | 37 views

openSUSE Security Update : v8 (openSUSE-2017-119)

This update for v8 fixes the following issues : - maliciously crafted java script code could cause v8 in chromium to crash %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2017-119. Th...

6.8 CVSS | 7.5 AI score | 0.00534 EPSS
Exploits: 0 | References: 2

ICS
added 2017/01/19 12:0 a.m. | 44 views

Schneider Electric homeLYnk Controller

CVSS V3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following products: homeLYnk Controller,...

6.1 CVSS | 7 AI score | 0.00206 EPSS
Exploits: 0 | References: 26

Vulnerability Lab
added 2017/01/09 12:0 a.m. | 40 views

Blackboard LMS 9.1 SP14 - (Profile) Persistent Vulnerability

Document Title: =============== Blackboard LMS 9.1 SP14 - Profile Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1900 Release Date: ============= 2017-01-09 Vulnerability Laboratory ID VL-ID: ====================================...

7.1 AI score
Exploits: 0

RedHat Linux
added 2015/09/22 6:17 p.m. | 2 views

Mozilla: Use-after-free while manipulating HTML media content (MFSA 2015-106)

Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176...

7.5 CVSS | 7.8 AI score | 0.04937 EPSS
Exploits: 0 | References: 5

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

onepound Shop / CMS XSS and SQL Injection Vulnerabilities

No description provided by source. :: General information :: onepound shop / cms XSS and SQL Injection vulnerabilities :: by Valentin Hoebel :: [email protected] :: Product information :: Name = onepound shop / cms :: Vendor = onepound :: Vendor Website = http://www.onepound.cn :: About the...

7.1 AI score
Exploits: 0