Cross site scripting

Cross-site scripting XSS vulnerability in includes/options-profiles.php in the YouTube Embed plugin before 3.3.3 for WordPress allows remote administrators to inject arbitrary web script or HTML via the Profile name field youtubeembedname parameter...

CVE-2015-6658

Cross-site scripting XSS vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to uploading files...

CVE-2015-4310

Multiple cross-site scripting XSS vulnerabilities in Cisco Finesse 10.51 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a 1 GET or 2 POST request, aka Bug IDs CSCuq82322, CSCut95853, and CSCuq73975...

CVE-2015-6514

CVE-2015-6514 affects the Dashboard component of Splunk Enterprise 6.2.x (before 6.2.4) and Splunk Light 6.2.x (before 6.2.4). The root cause is a Cross-Site Scripting (XSS) vulnerability that could allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. E...

Nuts CMS - PHP Remote Code Injection Execution

Nuts CMS - PHP Remote Code Injection Execution "cli" die$error0; if$argc "; echo"\nExample: php $argv0 localhost /"; die; ifisset$argv1 && isset$argv2 $host = $argv1; $path = $argv2; $pack = "GET $pathnuts/login.php?r= HTTP/1.0\r\n"; $pack.= "Host: $host\r\n"; $pack.= "Cmd: %s\r\n"; $pack.=...

Oracle iPlanet Web Server 6.1.x < 6.1.21 / 7.0.x < 7.0.22 NSS Signature Handling Remote Code Injection

According to its self-reported version, the Oracle iPlanet Web Server formerly known as Sun Java System Web Server running on the remote host is 6.1.x prior to 6.1.21 or 7.0.x prior to 7.0.22. It is, therefore, affected by a flaw in the definitelengthdecoder function in the Network Security...

Oracle iPlanet Web Proxy Server 4.0.x < 4.0.26 NSS Signature Handling Remote Code Injection

According to its self-reported version, the Oracle iPlanet Web Proxy Server formerly known as Sun Java System Web Proxy Server installed on the remote host is version 4.0.x prior to 4.0.26. It is, therefore, affected by a flaw in the definitelengthdecoder function in the Network Security Services...

CVE-2015-2850

Cross-site scripting XSS vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2015-5151

CVE-2015-5151 affects the WordPress Slider Revolution (Revslider) plugin version 4.2.2. The vulnerability stems from inadequate validation/filtering of the client_action parameter in the revslider_ajax_action action called by wp-admin/admin-ajax.php, allowing remote attackers to inject arbitrary ...

CVE-2015-4714

Cross-site scripting XSS vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body...

CVE-2015-0344

CVE-2015-0344 affects Adobe Connect Web App prior to version 9.4 with a Cross-Site Scripting (XSS) vulnerability allowing remote script/HTML injection via unspecified vectors. Impact: potential data exposure/sessions manipulation as per CVSS 2.0 metrics (I:P). Remediation: upgrade to Adobe Connec...

Cross site scripting

Cross-site scripting XSS vulnerability in adfs/ls in Active Directory Federation Services AD FS in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka "ADFS XSS Elevation of Privilege Vulnerability....

WordPress plugin Roomcloud 'roomcloud.php' has multiple cross-site scripting vulnerabilities

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL.Roomcloud is a plugin for online hotel booking. Multiple cross-site scripting vulnerabilities exist in the WordPress plugin Roomcloud 'roomcloud.php', which allow...

Drupal Node Template Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language.Node Template is one of the modules that uses the structure and data of nodes as a template. A cross-site scripting vulnerability exists in the Drupal Node Template module, which allows remote attackers to explo...

WordPress Citizen Space Plugin Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Citizen Space plugin, which allows remote attackers to exploit the vulnerability to inject malicious...

CVE-2015-2704

realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response...

CVE-2015-2704

CVE-2015-2704 affects realmd: a flaw in how input is parsed when writing configuration into sssd.conf or smb.conf allows a remote attacker to inject arbitrary configurations via a newline in an LDAP response. Affected components are realmd and its DBus service used for realm discovery and enrollm...

Cross site scripting

Cross-site scripting XSS vulnerability in Cisco Secure Access Control Server Solution Engine ACSE 5.50.1 allows remote attackers to inject arbitrary web script or HTML via a file-inclusion attack, aka Bug ID CSCuu11005...

CVE-2015-3397

Cross-site scripting XSS vulnerability in Yii Framework before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON, arrays, and Internet Explorer 6 or 7...

vBulletin 4.x.x &#39;visitormessage.php&#39; Remote Code Injection Vulnerability

Exploit Title: vBulletin 4.x.x 'visitormessage.php' Remote Code Injection Vulnerability + Discovered By: Dariush Nasirpour Net.Edit0r + My Homepage: black-hg.org / nasirpour.info + Date: 2015 27 February + Vendor Homepage: vBulletin.com + Tested on: vBulletin 4.2.2 + Greeting : Ali Razmjoo -...