4584 matches found
WordPress Markdown on Save Improved Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up personal blog sites on PHP and MySQL servers. Markdown on Save Improved is one of its editor plugins. A cross-site scripting vulnerability exists in the posting...
CVE-2017-9037
Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ServerProtect for Linux 3.0 before CP 1531 allow remote attackers to inject arbitrary web script or HTML via the (1) S44, (2) S5, (3) Sactionfail, (4) Sptnupdate, (5) T113, (6) T114, (7) T115, (8) T117117, (9) T118, (10) Tactionfail, (11) Tptnupdate, (12)...
Telerik Reporting for ASP.NET WebForms Report Viewer Control Cross-Site Scripting Vulnerability
Telerik Reporting for ASP.NET WebForms Report Viewer control is an ASP.NET-based report generation control developed by Telerik Inc. A cross-site scripting vulnerability exists in Telerik Reporting for ASP.NET WebForms Report Viewer control versions prior to Telerik ASP.NET WebForms Report Viewer...
CVE-2017-7288
Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite (ZCS) before 8.7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
UBUNTU-CVE-2015-5381
Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter to the default URI...
MODX Revolution Cross-Site Scripting Vulnerability (CNVD-2017-07468)
MODX Revolution is a PHP-based open source content management system (CMS) from the U.S. company MODX. The system supports online collaboration, search engine optimization (SEO), add-ons and more. A cross-site scripting vulnerability exists in versions of MODX Revolution prior to 2.5.7. A remote...
WordPress adsense-click-fraud-monitoring phpwhois cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language, which supports personal blog sites on PHP and MySQL servers. adsense-click-fraud-monitoring is one of the malicious click monitoring plugins. phpwhois is a package containing Whois libraries fo...
CVE-2016-4858
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light...
DEBIAN-CVE-2016-4855
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Accellion FTA Device Cross-Site Scripting Vulnerability (CNVD-2017-07449)
Accellion File Transfer is a web-based file transfer/synchronization system. A cross-site scripting vulnerability exists in the Accellion FTA appliance FTA912180 and prior versions. This allows remote attackers to inject arbitrary web script or HTML...
Proxmox Mail Gateway Cross-Site Scripting Vulnerability
Proxmox Mail Gateway is an e-mail gateway product from Proxmox Server Solutions, Austria. The product protects e-mail from virus, phishing and Trojan horse threats. A cross-site scripting vulnerability exists in versions prior to Proxmox Mail Gateway hotfix 4.0-8-097d26a9. A remote attacker can...
WordPress Plugin Delete All Comments Arbitrary File Upload
On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000 active installations. Because a part of the delete-all-comments.php main script is not restricted to the administrator, any...
Exponent CMS Cross-Site Scripting Vulnerability (CNVD-2017-06734)
Exponent CMS is a free, open source, modular PHP-based content management system (CMS). The system supports direct editing in the page and provides user management, site configuration, content editing and other functions. A cross-site scripting vulnerability exists in the...
DEBIAN-CVE-2016-6333
Cross-site scripting (XSS) vulnerability in the CSS user subpage preview feature in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote attackers to inject arbitrary web script or HTML via the edit box in Special:MyPage/common.css...
CVE-2016-4888
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ServiceDesk Plus before 9.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2016-2104
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Satellite 5 allow remote attackers to inject arbitrary web script or HTML via (1) the label parameter to admin/BunchDetail.do; (2) the packagename, (3) searchsubscribedchannels, or (4) channelfilter parameter to software/packages/NameOverview.d...
UBUNTU-CVE-2015-8864
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.0.9 and 1.1.x before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via a crafted SVG, a different vulnerability than CVE-2016-4068...
CVE-2016-1179
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML...
CVE-2017-3125
An unauthenticated XSS vulnerability in FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in to FortiMail, assuming the victim is social engineered into clicking a URL crafted by the attacker...
Pixie Cross-Site Scripting Vulnerability
Pixie is an open source lightweight website content management system (CMS). The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4, which stems from the program not properly validating user-submitted input. A remote attacker can...