Multiple Cross-Site Scripting Vulnerabilities in Cisco Secure Access Control Server (CNVD-2015-00230)

Cisco Secure ACS Access Control Server is a multifunction AAA authentication server. Multiple cross-site scripting vulnerabilities exist in Cisco Secure Access Control Server, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters...

WordPress Plugin Sodahead Polls Has Multiple Cross-Site Scripting Vulnerabilities

WordPress is a blogging platform developed using the PHP language that allows users to set up their own weblogs on servers that support PHP and MySQL databases.Sodahead Polls plugin is a plugin for polls. WordPress plugin Sodahead Polls suffers from multiple cross-site scripting vulnerabilities...

WordPress Plugin Relevanssi Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language, users can set up their own weblogs on servers that support PHP and MySQL databases.Relevanssi plugin is a WordPress search function enhancement plugin. A cross-site scripting vulnerability exists in WordPress plugin Relevanssi...

IPCop Cross-Site Scripting Vulnerability

IPCop is a Linux-based firewall suite developed by IPCop team, which is mainly for home and SOHO users, providing firewall functions and allowing monitoring and management of various information through some TCP/IP business rules. A cross-site scripting vulnerability exists in versions prior to...

WordPress PhotoSmash plugin cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, the platform supports personal blog sites set up on PHP and MySQL servers.PhotoSmash plugin is a plugin for adding photo albums. The WordPress PhotoSmash plugin has a cross-site scripting lea...

Social Microblogging PRO Cross-Site Scripting Vulnerability

Social Microblogging PRO is a social microblogging. A cross-site scripting vulnerability in Social Microblogging PRO version 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO parameter to the default URL...

FiberHome-Modem-Router-HG-110

Exploit Title: Directory Path Traversal FiberHome Modem Router HG-110 / Remote Change DNS Servers Date: 22/09/2013 Exploit Author: Javier Perez - [email protected] - @thes41nt Vendor Homepage: http://hk.fiberhomegroup.com/ Version: HG110BHV1.6 import urllib import urllib2 ip = rawinput "Ent...

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2014-09212)

IBM WebSphere Portal is a framework - including runtime servers, services, tools, and many other features - that you can use to integrate your enterprise into a single, customizable interface called a portal. A cross-site scripting vulnerability in IBM WebSphere Portal versions 6.1.0 through...

CVE-2014-8958

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allow remote authenticated users to inject arbitrary web script or HTML via a crafted 1 database, 2 table, or 3 column name that is improperly handled during...

CVE-2014-7850

Cross-site scripting XSS vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation...

CVE-2014-9036

Cross-site scripting XSS vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted Cascading Style Sheets CSS token sequence in a post...

DEBIAN-CVE-2014-9032

Cross-site scripting XSS vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

DEBIAN-CVE-2014-9031

Cross-site scripting XSS vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...

CVE-2014-9031

Cross-site scripting XSS vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HTML via crafted use of shortcode brackets in a text field, as demonstrated by a comment or a post...

UBUNTU-CVE-2010-5312

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...

UBUNTU-CVE-2014-8600

Multiple cross-site scripting XSS vulnerabilities in KDE-Runtime 4.14.3 and earlier, kwebkitpart 1.3.4 and earlier, and kio-extras 5.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via a crafted URI using the 1 zip, 2 trash, 3 tar, 4 thumbnail, 5 smtps, 6 smtp, 7 smb...

UBUNTU-CVE-2014-6300

Cross-site scripting XSS vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery CSRF attack to crea...

PT-2014-8631

Name of the Vulnerable Software and Affected Versions: Web Dorado Spider Video Player plugin versions prior to 1.5.2 Description: The issue is related to a cross-site scripting XSS vulnerability, which allows remote attackers to inject arbitrary web script or HTML. This can be achieved via...

PT-2014-5437 · Red Hat · Spacewalk-Java +1

Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network RHN Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...

PT-2014-7820 · WordPress · Wp Google Maps

Name of the Vulnerable Software and Affected Versions: WP Google Maps plugin versions prior to 6.0.27 Description: The issue allows remote attackers to inject arbitrary web script or HTML via the poly id parameter in an edit poly, edit polyline, or edit marker action in the "wp-google-maps-menu"...