6665 matches found
GhostMail - (Status Message) Persistent Web Vulnerability
Document Title: =============== GhostMail - Status Message Persistent Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1470 Release Date: ============= 2018-06-26 Vulnerability Laboratory ID VL-ID: ==================================== 14...
Nagios Fusion < 4.1.4 Multiple XSS Vulnerabilities
Nagios Fusion is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-4842
A vulnerability has been identified in SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.4.1, SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.3. A remote, authenticated attacker with...
Cross site scripting
A vulnerability has been identified in SCALANCE X-200IRT switch family incl. SIPLUS NET variants All versions V5.4.1, SCALANCE X-200RNA switch family All versions V3.2.7, SCALANCE X-300 switch family incl. X408 and SIPLUS NET variants All versions V4.1.3. A remote, authenticated attacker with...
Cross site scripting
A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...
CVE-2018-0340
A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...
CVE-2018-0339
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...
Cisco Integrated Management Controller Supervisor and Cisco UCS Director DOM Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based DOM-based, stored cross-site scripting XSS attack against a us...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability
A vulnerability in the web framework of the Cisco Unified Communications Manager Unified CM software could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of the affected system. The vulnerability is due to insufficient...
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based interface. The vulnerability is due to insufficient input validation of some...
CVE-2018-11552
There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON-Auto-Dialer-Agents-Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable applicati...
Cross site scripting
A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...
CVE-2018-9186
A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...
CVE-2018-9186
A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...
CVE-2018-9186
A cross-site scripting XSS vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header...
Netgear DGN2200B Cross-Site Scripting
A cross-site scripting vulnerability has been reported in Netgear DGN2200B routers. Successful exploitation will result in the attacker-controlled script code being executed in the target user's browser in the context of the affected machine...
Ruckus (Brocade) ICX7450-48 Reflected Cross Site Scripting
I. VULNERABILITY ------------------------- Ruckus Brocade ICX7450-48 Reflected Cross Site Scripting II. CVE REFERENCE ------------------------- CVE-2018-11027 III. VENDOR HOMEPAGE ------------------------- https://www.ruckuswireless.com IV. DESCRIPTION ------------------------- Ruckus Brocade...
Input validation
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...
CVE-2018-1147
The CVE-2018-1147 issue affects Nessus prior to 7.1.0, where improper input validation enables stored cross-site scripting (XSS). A remote authenticated attacker could craft and upload a .nessus file (or alter Advanced Settings) so that an administrator viewing it can trigger arbitrary script exe...
CVE-2018-1147
In Nessus before 7.1.0, a XSS vulnerability exists due to improper input validation. A remote authenticated attacker could create and upload a .nessus file, which may be viewed by an administrator allowing for the execution of arbitrary script code in a user's browser session. In other scenarios,...