4584 matches found

RedHat Linux
added 2012/12/06 8:22 p.m., 3 views

System: Multiple cross-site scripting flaws by displaying CRL or processing profile

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSize to the displayCRL script, or (3) nonce variable to the profileProcess script...

CVSS 4.3, AI score 5.8, EPSS 0.01227
Exploits: 0, References: 4

Packet Storm
added 2012/11/30 12:0 a.m., 26 views

Axis Commerce 0.8.7.2 Cross Site Scripting

Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities alert'XSS';", "base":"TESTSTRING", "secure":"TESTSTRING2", "rootcategory":"2"' / input type="hidden" name="a...

AI score 7.4
Exploits: 0

Zero Science Lab
added 2012/11/30 12:0 a.m., 20 views

Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities

Summary: Powerful open source ecommerce platform. Description: Axis Commerce suffers from multiple stored XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and...

AI score 6.1
Exploits: 0

0day.today
added 2012/11/30 12:0 a.m., 26 views

Axis Commerce 0.8.7.2 Cross Site Scripting Vulnerability

Axis Commerce version 0.8.7.2 suffers from multiple stored cross site scripting vulnerabilities. Axis Commerce 0.8.7.2 Remote Script Insertion Vulnerabilities alert'XSS';", "base":"TESTSTRING",...

AI score 6.7
Exploits: 0

Tenable Nessus
added 2012/11/28 12:0 a.m., 19 views

Debian DSA-2578-1 : rssh - insufficient filtering of rsync command line

James Clawson discovered that rssh, a restricted shell for OpenSSH to be used with scp, sftp, rdist and cvs, was not correctly filtering command line options. This could be used to force the execution of a remote script and thus allow arbitrary command execution. Two CVE were assigned : -...

CVSS 4.4, AI score 5.8, EPSS 0.00365
Exploits: 2, References: 6

CVE
added 2012/11/20 12:0 a.m., 152 views

CVE-2012-5920

CVE-2012-5920 is an XSS vulnerability in Google Web Toolkit (GWT) 2.4–2.5 Final, used in JBoss Operations Network 3.1.1 and potentially other products. It stems from an incomplete fix for CVE-2012-4563 and allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Red Hat/IB...

CVSS 4.3, AI score 5.9, EPSS 0.00992
Exploits: 0, References: 5, Affected Software: 1

OSV
added 2012/11/16 12:24 p.m., 1 views

UBUNTU-CVE-2012-5882

Cross-site scripting (XSS) vulnerability in the Flash component infrastructure in YUI 2.5.0 through 2.9.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to uploader.swf, a similar issue to CVE-2010-4208...

CVSS 4.3, AI score 5.9, EPSS 0.02404
Exploits: 0, References: 5

OSV
added 2012/10/08 6:55 p.m., 2 views

DEBIAN-CVE-2011-4928

Cross-site scripting (XSS) vulnerability in the textile formatter in Redmine before 1.0.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3, AI score 6, EPSS 0.01832
Exploits: 0, References: 1

ATTACKERKB
added 2012/10/01 8:55 p.m., 2 views

CVE-2012-5229

Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the Slideshow Gallery2 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the border parameter...

CVSS 4.3, AI score 5.7, EPSS 0.03748
Exploits: 1, References: 4

Positive Technologies
added 2012/09/28 12:0 a.m., 4 views

PT-2012-4179 · Red Hat · Cumin +1

Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444; Red Hat Enterprise Messaging, Realtime, and Grid (MRG) version 2.0. Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error message displays ...

CVSS 4.3, AI score 6, EPSS 0.02083
Exploits: 0, References: 9

Prion
added 2012/09/25 11:55 p.m., 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (FEX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVSS 4.3, AI score 6, EPSS 0.04852
Exploits: 0, References: 11, Affected Software: 1

ATTACKERKB
added 2012/08/29 4:39 a.m., 2 views

CVE-2011-5128

Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) inc-options/deinstalloptions.php, (2) inc-options/themeoptions.php, or (3) inc-options/imexportoptions.php, ...

CVSS 4.3, AI score 5.4, EPSS 0.10911
Exploits: 1, References: 5

ATTACKERKB
added 2012/08/26 7:55 p.m., 3 views

CVE-2011-5125

Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method...

CVSS 4.3, AI score 5.7, EPSS 0.00942
Exploits: 0, References: 2

ATTACKERKB
added 2012/08/23 8:55 p.m., 3 views

CVE-2011-5115

Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the searchCart parameter to index.php...

CVSS 4.3, AI score 5.8, EPSS 0.01003
Exploits: 1, References: 3

OSV
added 2012/08/15 9:55 p.m., 6 views

CVE-2012-2769

Multiple cross-site scripting (XSS) vulnerabilities in the topic administration page in the Extension::MobileUI extension before 1.02 for Best Practical Solutions RT 3.8.x and in Best Practical Solutions RT before 4.0.6 allow remote attackers to inject arbitrary web script or HTML via unspecified...

AI score 5.9
Exploits: 0, References: 5

ATTACKERKB
added 2012/08/12 9:55 p.m., 2 views

CVE-2012-2571

Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a SCRIPT element, (2) a crafted Cascading Style Sheets (CSS) expression property, (3) a CSS expression property in the STYLE...

CVSS 4.3, AI score 5.2, EPSS 0.01319
Exploits: 1, References: 2

exploitpack
added 2012/07/31 12:0 a.m., 21 views

Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting

Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting. Dr. Web Control Center Admin UI Remote Script Code Injection. Affected Products/Versions: Product Name: Dr. Web Enterprise Server; Version Number:...

AI score 6.8
Exploits: 0

Packet Storm
added 2012/07/31 12:0 a.m., 22 views

Dr. Web Control Center 6.00.3.201111300 Cross Site Scripting

Dr. Web Control Center Admin UI Remote Script Code Injection. Affected Products/Versions: Product Name: Dr. Web Enterprise Server; Version Number: 6.00.3.201111300. Product/Company Information...

AI score 7.4
Exploits: 0

Exploit DB
added 2012/07/31 12:0 a.m., 31 views

Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting

Dr. Web Control Center Admin UI Remote Script Code Injection. Affected Products/Versions: Product Name: Dr. Web Enterprise Server; Version Number: 6.00.3.201111300. Product/Company Information...

AI score 7.4
Exploits: 0

OSV
added 2012/06/20 3:55 p.m., 2 views

UBUNTU-CVE-2012-3790

Cross-site scripting (XSS) vulnerability in index.php in Adiscon LogAnalyzer before 3.4.4 and 3.5.x before 3.5.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter in a Search action...

CVSS 4.3, AI score 5.9, EPSS 0.01247
Exploits: 1, References: 2