
6665 matches found

seebug.org
added 2017/11/13 12:0 a.m. | 21 views

NethServer 7.3.1611 (Upload.json) CSRF Script Insertion Vulnerability

Description NethServer suffers from an authenticated stored XSS vulnerability. Input passed to the 'BackupConfigUploadDescription' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser sessio...

6.8 AI score
Exploits: 0

Packet Storm
added 2017/11/13 12:0 a.m. | 23 views

WordPress Cartogiraffe Map 1.0 Cross Site Scripting

Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Cartogiraffe Map Plugin 1.0. Cartogiraffe Map Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

7.1 AI score
Exploits: 0

0day.today
added 2017/11/11 12:0 a.m. | 16 views

WordPress Secure HTML5 Video Player 3.14 Cross Site Scripting Vulnerability

WordPress Secure HTML5 Video Player plugin version 3.14 suffers from a cross site scripting vulnerability. Vulnerable: Secure HTML5 Video Player Plugin 3.14. Secure HTML5 Video Player Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize...

6.7 AI score
Exploits: 0

OpenVAS
added 2017/11/07 12:0 a.m. | 17 views

Logitech Media Server Multiple Persistent XSS Vulnerabilities

Logitech Media Server is prone to multiple stored cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4 CVSS | 5.4 AI score | 0.00304 EPSS
Exploits: 4 | References: 2

NVD
added 2017/11/06 10:29 p.m. | 11 views

CVE-2017-16636

In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new page, new category, and edit post function body message context. Remote attackers are able to bypass the basic editor validation to trigger cross site scripting. The XSS is persistent and the request method to inject via edit...

5.4 CVSS | 5 AI score | 0.00315 EPSS
Exploits: 3 | References: 1

Prion
added 2017/10/19 8:29 a.m. | 12 views

Cross site scripting

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

4.3 CVSS | 6 AI score | 0.00232 EPSS
Exploits: 0 | References: 3

NVD
added 2017/10/19 8:29 a.m. | 8 views

CVE-2017-12288

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied inp...

6.1 CVSS | 6 AI score | 0.00235 EPSS
Exploits: 0 | References: 3

Prion
added 2017/10/19 8:29 a.m. | 14 views

Cross site scripting

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...

4.3 CVSS | 6.1 AI score | 0.00232 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2017/10/19 8:29 a.m. | 12 views

CVE-2017-12296

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

6.1 CVSS | 6.1 AI score | 0.00232 EPSS
Exploits: 0 | References: 3

Prion
added 2017/10/19 8:29 a.m. | 19 views

Cross site scripting

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected device. The vulnerability is due to insufficient validation of user-supplied inp...

4.3 CVSS | 6 AI score | 0.00235 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cisco
added 2017/10/18 4:0 p.m. | 44 views

Cisco IOS XE Software Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of the affected software. The vulnerability is due to insufficient input validation of some parameter...

6.1 CVSS | 6.1 AI score | 0.00232 EPSS
Exploits: 0 | References: 1

Cisco
added 2017/10/18 4:0 p.m. | 42 views

Cisco WebEx Meeting Center Cross-Site Scripting Vulnerability

A vulnerability in Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of an affected system. The vulnerability is due to insufficient input validation of some parameters that are passed to the web server of the...

6.1 CVSS | 6.1 AI score | 0.00232 EPSS
Exploits: 0 | References: 1

Prion
added 2017/10/16 4:29 a.m. | 11 views

Cross site scripting

Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the...

4.3 CVSS | 6.2 AI score | 0.03459 EPSS
Exploits: 7 | References: 2 | Affected Software: 1

Packet Storm
added 2017/10/16 12:0 a.m. | 34 views

WordPress Influencer Marketing And Press Release System 2.2 XSS

Class: Input Validation Error. Remote: Yes. Reflected: Yes. Credit: Ricardo Sanchez. Vulnerable: Influencer Marketing & Press Release System plugin 2.2. Influencer Marketing & Press Release System plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplie...

7.1 AI score
Exploits: 0

Prion
added 2017/10/12 8:29 a.m. | 16 views

Cross site scripting

Cross-Site Scripting XSS was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data in /sources/folders.queries.php. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...

3.5 CVSS | 5.2 AI score | 0.00292 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2017/10/12 8:29 a.m. | 12 views

CVE-2017-15278

Cross-Site Scripting XSS was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data in /sources/folders.queries.php. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...

5.4 CVSS | 5.9 AI score
Exploits: 0 | References: 3

OpenVAS
added 2017/10/06 12:0 a.m. | 33 views

Apache Struts 'Problem Report' XSS Vulnerability (S2-025)

Apache Struts is prone to a cross-site scripting XSS vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.1 CVSS | 6.2 AI score | 0.01198 EPSS
Exploits: 0 | References: 3

Prion
added 2017/10/05 7:29 a.m. | 17 views

Cross site scripting

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of some parameters...

4.3 CVSS | 6 AI score | 0.00164 EPSS
Exploits: 0 | References: 2

CVE
added 2017/10/05 7:0 a.m. | 51 views

CVE-2017-12265

Cisco CVE-2017-12265 affects the Cisco ASA web-based management interface when WEBVPN is enabled. It is a cross-site scripting (XSS) vulnerability caused by insufficient input validation, exploitable by convincing a user to click a crafted link, enabling arbitrary script execution or access to br...

6.1 CVSS | 5.9 AI score | 0.0017 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/10/02 1:0 a.m. | 11 views

CVE-2017-14981

Cross-Site Scripting XSS was discovered in ATutor before 2.2.3. The vulnerability exists due to insufficient filtration of data url in /mods/standard/rssfeeds/editfeed.php. An attacker could inject arbitrary HTML and script code into a browser in the context of the vulnerable website...

5.2 AI score | 0.00206 EPSS
Exploits: 1 | References: 2