17 matches found
CVE-2019-13934
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in webclient of Siemens AG Polarion could allow an attacker to exploit a reflected XSS vulnerability. This issue affects: Siemens AG Polarion All versions 19.2...
CVE-2018-13409
An issue was discovered in Jirafeau before 3.4.1. The "search file by hash" form is affected by reflected XSS that could allow, by targeting an administrator, stealing a session and gaining administrative privileges...
openEMR 4.2.0 Cross Site Scripting / SQL Injection
Advisory: Multiple reflecting/stored XSS- and SQLi-vulnerabilities in openEMR v.4.2.0 Advisory ID: SROEADV-2015-08 Author: Steffen Rösemann Affected Software: openEMR v.4.2.0 Release-date: 28th Dec 2014 Vendor URL: http://www.open-emr.org Vendor Status: patched CVE-ID: to be assigned after releas...
Zeuscart 4.0 - Multiple Vulnerabilities
Advisory: Multiple reflecting XSS-, SQLi and InformationDisclosure-vulnerabilities in Zeuscart v.4 Advisory ID: SROEADV-2015-12 Author: Steffen Rösemann Affected Software: Zeuscart v.4 Vendor URL: http://zeuscart.com/ Vendor Status: pending CVE-ID: will ask...
Piwigo 2.7.3 - Multiple Vulnerabilities
Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo = v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo = v. 2.7.3 Release date: 9th January 2015 Vendor URL: http://piwigo.org Vendor Status:...
Piwigo 2.7.3 - Multiple Vulnerabilities
Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo = v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo = v. 2.7.3 Release date: 9th January 2015 Vendor URL: http://piwigo.org Vendor Status: patched CVE-ID: - =========================...
CMS Piwigo 2.7.3 Cross Site Scripting / SQL Injection
Advisory: Reflecting XSS- and SQL Injection vulnerability in CMS Piwigo = v. 2.7.3 Advisory ID: SROEADV-2015-06 Author: Steffen Rösemann Affected Software: CMS Piwigo = v. 2.7.3 Release date: 9th January 2015 Vendor URL: http://piwigo.org Vendor Status: patched CVE-ID: - =========================...
ferretCMS 1.0.4-alpha - Multiple Vulnerabilities
Advisory: Advisory ID: SROEADV-2015-10 Author: Steffen Rösemann Affected Software: ferretCMS v. 1.0.4-alpha Vendor URL: https://github.com/JRogaishio/ferretCMS Vendor Status: vendor will patch eventually CVE-ID: - Tested on: - Firefox 35, Iceweasel 31 - Mac OS X 10.10, Kali Linux 1.0.9a...
CMS Websitebaker 2.8.3 SP3 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3 Advisory ID: SROEADV-2015-03 Author: Steffen Rösemann Affected Software: CMS Websitebaker v.2.8.3 SP3 Vendor URL: http://www.websitebaker.org/de/home.php Vendor Status: Vendor did not respond CVE-ID: CVE-2015-0553 Tested with:...
CMS b2evolution 5.2.0 Cross Site Scripting Vulnerability
CMS b2evolution version 5.2.0 suffers from a cross site scripting vulnerability. Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/...
CMS b2evolution 5.2.0 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0 Advisory ID: SROEADV-2014-09 Author: Steffen Rösemann Affected Software: CMS b2evolution v. 5.2.0 Release-Date: 6th-Dec-2014 Vendor URL: http://b2evolution.net/ Vendor Status: did not respond to issue CVE-ID: -...
CMS PHPKit WCMS 1.6.6 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6 Advisory ID: SROEADV-2014-07 Author: Steffen Rösemann Affected Software: CMS PHPKit WCMS v. 1.6.6 Build: 1660014 Vendor URL: http://www.phpkit.com/de/ Vendor Status: did not respond to issue CVE-ID: - ==========================...
CMS e107 1.0.4 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS e107 v. 1.0.4 Advisory ID: SROEADV-2014-05 Author: Steffen Rösemann Affected Software: CMS e107 v. 1.0.4 Vendor URL: http://e107.org Vendor Status: did not respond to issue CVE-ID: - ========================== Vulnerability Description:...
Kajona CMS 4.6 Cross Site Scripting
Advisory: Reflecting XSS vulnerability in CMS Kajona v. 4.6 Advisory ID: SROEADV-2015-01 Author: Steffen Rösemann Affected Software: CMS Kajona v. 4.6 Vendor URL: https://www.kajona.de Vendor Status: solved CVE-ID: - ========================== Vulnerability Description: ==========================...
Absolut Engine 1.73 - Multiple Vulnerabilities
Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Advisory ID: SROEADV-2014-08 Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL: http://www.absolutengine.com/ Vendor Status: solved...
Absolut Engine 1.73 - Multiple Vulnerabilities
CMS Absolut Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities. Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL:...
CMS Contenido 4.9.5 Cross Site Scripting
Advisory: Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5 Advisory ID: SROEADV-2014-03 Author: Steffen Rösemann Affected Software: CMS Contenido 4.9.x-4.9.5 Release: 10th Dec 2014 Vendor URL: http://www.contenido.org/de/ Vendor Status: fixed CVE-ID: - ==========================...