224 matches found
Design/Logic Flaw
An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The content sanitizer component has an issue with filtering malicious content in case invalid HTML code is provided. In such cases the filter will output an unsanitized representation of the content. Malicious script code can...
CVE-2016-6845
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...
CVE-2016-5124
Open-Xchange OX App Suite (frontend) is affected by CVE-2016-5124. Before 7.8.1-rev14, dragging and dropping images from external sources into HTML editors (e.g., E‑Mail Compose, OX Text) can inject script code in the user’s context, bypassing XSS filters. Exploitation requires user social engine...
Microsoft Edge and Internet Explorer XSS Filter CVE-2016-3273 Information Disclosure Vulnerability
Description Microsoft Edge and Internet Explorer are prone to an information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute...
Microsoft Edge and Internet Explorer CVE-2016-0077 Spoofing Vulnerability
Description Microsoft Edge and Internet Explorer are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...
Microsoft Internet Explorer Multiple Vulnerabilities (3116180)
This host is missing a critical security update according to Microsoft Bulletin MS15-124. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Revive Adserver < 3.2.2 Multiple Vulnerabilities (REVIVE-SA-2015-001)
Revive Adserver is prone to multiple vulnerabilities. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Novell ZENworks Mobile Management Cross-Site Scripting
A cross-site scripting vulnerability has been reported in Novell ZENworks Mobile Management. The vulnerability is due to insufficient validation of output before it is returned to the user. A remote attacker can exploit this vulnerability by enticing a user to click on a maliciously crafted link...
Open-Xchange (OX) App Suite Multiple Vulnerabilities - 01 (Oct 2015)
Open-Xchange OX App Suite is prone to multiple vulnerabilities. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free softwar...
PhpWiki Multiple Vulnerabilities
PhpWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpwiki:phpwiki"; ifdescription...
Microsoft Windows UDDI Services CVE-2015-2475 Cross Site Scripting Vulnerability
Description Microsoft Windows UDDI Services is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Cross-Site Scripting (XSS) in qTranslate WordPress Plugin
High-Tech Bridge Security Research Lab discovered a vulnerability in the qTranslate WordPress plugin, which can be exploited to perform Cross-Site Scripting (XSS) attacks against website administrators. Successful exploitation of this vulnerability may allow a remote attacker to gain complete control ove...
Barracuda Firewall 6.1.2 #36 - Exception Vulnerability
Document Title: =============== Barracuda Firewall 6.1.2 #36 - Exception Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1102 Barracuda Networks Security ID BNSEC: BNSEC-2398 https://www.barracuda.com/support/knowledgebase/501600000013m1P...
Microsoft Internet Explorer Extended Validation SSL Certificate Security Bypass Vulnerability
Description Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker may exploit this issue to bypass EV SSL certificate guidelines by using a wildcard certificate. This may aid in further attacks. Technologies Affected Avaya Aura Conferencing 6.0 SP1 Standard Avaya Au...
ESMI PayPal Storefront 1.7 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12904/info ESMI PayPal Storefront is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Sabros.US 1.7 Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22115/info The 'sabros.us' application is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute ...
BookReview 1.0 suggest_category.htm node Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
My Blog 1.63 BBCode HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16659/info My Blog is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplie...
osCommerce 2.2 admin/zones.php page Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the...
PHPWCMS 1.2.5 -DEV Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. !/usr/bin/env python coding: utf-8 from pocsuite.net import req from pocsuite.poc import POCBase, Output from pocsuite.utils import register from urlparse import urljoin class TestPOCPOCBase: vulID = 'SSV-80148' vul ID version = '1' author = 'fenghh' vulDate =...