Cross site scripting
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...
Cross site scripting
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...
CVE-2017-15374
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...
CVE-2017-15374
Shopware 5.2.5–5.3 contains a persistent cross-site scripting (XSS) vulnerability in the backend CMS modules for customer and order handling. The flaw allows injection of script into firstname/lastname/order fields, triggering execution in the admin backend preview of customers or orders. Exploit...
CVE-2017-15375
Multiple client-side cross site scripting vulnerabilities have been discovered in the WpJobBoard v4.5.1 web-application for WordPress. The vulnerabilities are located in the query and id parameters of the wpjb-email, wpjb-job, wpjb-application, and wpjb-membership modules. Remote attackers are ab...
Default credentials
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...
CVE-2017-15304
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin password change...
CVE-2017-15304
CVE-2017-15304 affects Airtame HDMI dongle Web Panel. The /bin/login.php vulnerability in firmware before 3.0 lets an attacker set a session id via a Cookie: PHPSESSID header, enabling persistent admin access even after a password change. Impact: unauthorized admin session persistence. Affected: ...
CVE-2017-10612
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
Cross site scripting
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
CVE-2017-10612 Junos Space: Persistent Cross site scripting in Junos Space
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper...
Cross site scripting
A persistent stored XSS vulnerability in the EyesOfNetwork web interface aka eonweb 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admindevice/index.php...
Qards - Stored Cross-Site Scripting (XSS)
Google Dork: inurl:"plugins/qards". Qards provides an easy option to drag and edit every part and element of your site in the front-end; you will never have to write any code to change the layout or to change any part of the site the traditional WordPress way. The vulnerable script...
CVE-2017-15188
EyesOfNetwork (EON) web interface (eonweb) 5.1-0 has a stored XSS vulnerability exploitable via the hosts array parameter in module/admin_device/index.php. Reported as CVE-2017-15188, the issue permits remote authenticated administrators to inject arbitrary script/HTML. Multiple connected sources...
Warning: Millions Of P0rnHub Users Hit With Malvertising Attack
Researchers from cybersecurity firm Proofpoint have recently discovered a large-scale malvertising campaign that exposed millions of Internet users in the United States, Canada, the UK, and Australia to malware infections. Active for more than a year and still ongoing, the malware campaign is bei...
CVE-2017-9537
SolarWinds Network Performance Monitor 12.0.15300.90 is affected by CVE-2017-9537 (and related records) due to a persistent XSS in the Add Node function. An attacker can inject arbitrary JavaScript into multiple vulnerable parameters (e.g., City, Comments, Department) during node-adding workflows...
SolarWinds Network Performance Monitor 12.0.15300.90 Cross Site Scripting
Vulnerability type: Persistent Cross-Site Scripting. Credit: Andy Tan. CVE ID: CVE-2017-9537. Product: SolarWinds Network...
Google Kubernetes Information Disclosure Vulnerability
Google Kubernetes is an open source Docker container cluster management system from Google, Inc. The system provides resource scheduling, deployment and operation, service discovery and scaling up and down for containerized applications. A security vulnerability exists in Google Kubernetes, which...
CVE-2017-1002100
Default access permissions for Persistent Volumes (PVs) created by the Kubernetes Azure cloud provider in versions 1.6.0 to 1.6.5 are set to "container", which exposes a URI that can be accessed without authentication on the public internet. Access to the URI string requires privileged access to the...