PT-2014-5450 · Cloudbees +1 · Jenkins

Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.583 Jenkins LTS versions prior to 1.565.3 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Recommendations: For Jenkins versions...

PT-2014-5447 · Jenkins · Jenkins Monitoring Plugin

Name of the Vulnerable Software and Affected Versions: Jenkins Monitoring plugin versions prior to 1.53.0 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions prior to 1.53.0, update to version 1.53.0 or later ...

CVE-2014-4510

Cross-site scripting XSS vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVE-2014-5464

Cross-site scripting XSS vulnerability in the nDPI traffic classification library in ntopng aka ntop before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header...

CVE-2014-5273

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the 1 browse table page, related to js/sql.js; 2 ENUM editor page, related to...

UBUNTU-CVE-2014-5022

Cross-site scripting XSS vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled textfield and a file field...

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

JSF: XSS due to insufficient escaping of user-supplied content in outputText tags and EL expressions

It was found that Mojarra JavaServer Faces did not properly escape user-supplied content in certain circumstances. Contents of outputText tags and raw EL expressions that immediately follow script or style elements were not escaped. A remote attacker could use a specially crafted URL to execute...

CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

DEBIAN-CVE-2014-4945

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic 1 mailbox or 2 message view...

UBUNTU-CVE-2014-4946

Multiple cross-site scripting XSS vulnerabilities in Horde Internet Mail Program IMP before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via 1 unspecified flags or 2 a mailbox name in the dynamic mailbox view...

PT-2014-3413 · D Link · D-Link Dir-645 Router

Name of the Vulnerable Software and Affected Versions: D-Link DIR-645 Router Rev. A1 with firmware prior to 1.04B11 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the deviceid parameter to the "parentalcontrols/bind.php" endpoint, t...

DEBIAN-CVE-2014-4002

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the 1 drpaction parameter to cdef.php, 2 datainput.php, 3 dataqueries.php, 4 datasources.php, 5 datatemplates.php, 6 graphtemplates.php, 7 graphs.php, 8 host.php, or...

PHPLib Team PHPLIB 7.2 - Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3079/info The PHP Base Library'PHPLIB' is a code library which provides support for session management in web applications. It is targeted to developers and is widely used in many web applications, so a strong possibility...

MTP Guestbook 1.0 - Multiple XSS Vulnerabilities

No description provided by source. ?!-- MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities Vendor: MTP Scripts Product web page: http://www.morephp.net Affected version: 1.0 Summary: MTP Guestbook allows you to put a guestbook on your website. Your visitors can sign it and leave a...

Artmedic Newsletter 4.1 Log.PHP Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/18047/info Artmedic Newsletter is prone to a remote PHP code-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to creat...

TRG News 3.0 Script Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12855/info A remote file include vulnerability affects TRG News. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. Remote...

ImgSvr 0.6.21 Error Message Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlyi...

Wirtualna Polska WPKontakt 3.0.1 - Remote Script Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12097/info WPKontakt is reported prone to a potential script execution vulnerability. It is reported that this issue may allow remote attackers to execute arbitrary script code on a vulnerable computer, which may lead to...

The Includer 1.0/1.1 - Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12926/info The Includer is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter. An attacker...