
6665 matches found

OwnCloud
added 2017/05/31 11:40 a.m. | 502 views

XSS in Error Page - ownCloud

An attacker can inject HTML script code into an error message. Affected Software: ownCloud Server 10.0.2 (CVE-2017-8896), ownCloud Server 9.1.6 (CVE-2017-8896), ownCloud Server 9.0.10 (CVE-2017-8896), ownCloud Server 8.2.12 (CVE-2017-8896). Action Taken: Escape output. Acknowledgements: The ownCloud team thanks the...

4.3 CVSS | 6.2 AI score | 0.00379 EPSS
Exploits 0 | Affected Software 1
OwnCloud
added 2017/05/31 10:39 a.m. | 511 views

Server: XSS in Error Page

An attacker can inject HTML script code into an error message. For more information please consult the official advisory. This advisory is licensed CC BY-SA 4.0...

4.3 CVSS | 6.2 AI score | 0.00379 EPSS
Exploits 0 | Affected Software 1
Tenable Nessus
added 2017/05/25 12:0 a.m. | 53 views

Cisco Unified Communications Manager XSS (cisco-sa-20170517-ucm)

According to its self-reported version, the Cisco Unified Communications Manager (CUCM) running on the remote device is affected by a cross-site scripting (XSS) vulnerability in the web-based management interface due to improper validation of user-supplied input before returning it to users. An...

6.1 CVSS | 6.3 AI score | 0.00143 EPSS
Exploits 0 | References 3
CNVD
added 2017/05/24 12:0 a.m. | 1 views

Logsign Remote Code Injection Vulnerability

Logsign is the next generation security information and event management solution for security intelligence, log management and easy compliance reporting. Logsign suffers from a remote code injection vulnerability. An attacker could exploit this vulnerability to execute arbitrary script code with...

8.2 AI score
Exploits 0 | References 1
OpenVAS
added 2017/05/23 12:0 a.m. | 12 views

Kodak InSite 6.5 <= 8.0 XSS Vulnerability

Kodak InSite is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied data. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...

6.6 AI score
Exploits 0 | References 1
Cvelist
added 2017/05/22 1:0 a.m. | 24 views

CVE-2017-6654

A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerabilit...

6 AI score | 0.00143 EPSS
Exploits 0 | References 3
Cisco
added 2017/05/17 4:0 p.m. | 27 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

6.1 CVSS | 6.1 AI score | 0.00143 EPSS
Exploits 0 | References 1
OpenVAS
added 2017/05/15 12:0 a.m. | 35 views

Dolibarr <= 4.0.4 Multiple Vulnerabilities - Active Check

Dolibarr is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dolibarr:dolibarr"; ifdescription...

9.8 CVSS | 7.2 AI score | 0.00211 EPSS
Exploits 6 | References 3
Symantec
added 2017/05/09 12:0 a.m. | 48 views

Microsoft SharePoint CVE-2017-0255 Cross Site Scripting Vulnerability

Description: Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

3.5 CVSS | 6 AI score | 0.01164 EPSS
Exploits 0 | References 1 | Affected Software 1
Symantec
added 2017/05/09 12:0 a.m. | 30 views

Microsoft Internet Explorer and Edge CVE-2017-0231 Spoofing Vulnerability

Description: Microsoft Internet Explorer and Edge are prone to a security vulnerability that may allow attackers to conduct spoofing attacks. An attacker can exploit this issue to conduct spoofing attacks and perform unauthorized actions; other attacks are also possible. Technologies Affected...

4.3 CVSS | 6.6 AI score | 0.08539 EPSS
Exploits 0 | Affected Software 1
Packet Storm
added 2017/04/30 12:0 a.m. | 32 views

Emby MediaServer 3.2.5 Reflected Cross Site Scripting

Emby MediaServer 3.2.5 Reflected XSS Vulnerability Vendor: Emby LLC Product web page: https://www.emby.media Affected version: 3.2.5 3.1.5 3.1.2 3.1.1 3.1.0 3.0.0 Summary: Emby (formerly Media Browser) is a media server designed to organize, play, and stream audio and video to a variety of devices...

0.1 AI score
Exploits 0
Tenable Nessus
added 2017/04/27 12:0 a.m. | 27 views

Splunk Enterprise 6.4.x < 6.4.7 Multiple Vulnerabilities

According to its self-reported version number, the version of Splunk Enterprise running on the remote web server is 6.4.x prior to 6.4.7. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied...

5.7 AI score
Exploits 0 | References 2
OpenVAS
added 2017/04/25 12:0 a.m. | 35 views

XOOPS <= 2.5.8.1 XSS Vulnerability

XOOPS is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:xoops:xoops";...

9.8 CVSS | 6.3 AI score | 0.0025 EPSS
Exploits 0 | References 1
OpenVAS
added 2017/04/21 12:0 a.m. | 12 views

MantisBT 2.3.x < 2.3.2 XSS Vulnerability - Windows

MantisBT is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2017 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

6.1 CVSS | 6 AI score | 0.00251 EPSS
Exploits 1 | References 1
Prion
added 2017/04/20 10:59 p.m. | 16 views

Cross site scripting

A vulnerability in the web framework code of Cisco Prime Infrastructure 2.22 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

4.3 CVSS | 6 AI score | 0.00194 EPSS
Exploits 0 | References 3 | Affected Software 1
Cisco
added 2017/04/19 4:0 p.m. | 23 views

Cisco Prime Infrastructure Web Framework Code Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of some...

5.3 CVSS | 6.1 AI score | 0.00194 EPSS
Exploits 0 | References 1
OpenVAS
added 2017/04/19 12:0 a.m. | 33 views

Cybozu Office 10.0.0 - 10.5.0 Multiple Security Vulnerabilities

Cybozu Office is prone to multiple security vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cybozu:office";...

7.1 CVSS | 7.8 AI score | 0.00195 EPSS
Exploits 0 | References 1
Cisco
added 2017/04/05 4:0 p.m. | 22 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

4.1 CVSS | 5.4 AI score | 0.00203 EPSS
Exploits 0 | References 1
Prion
added 2017/04/01 2:59 a.m. | 12 views

Cross site scripting

Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meetingid, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An attacker could execute arbitrary HTML and script...

4.3 CVSS | 6 AI score | 0.00234 EPSS
Exploits 1 | References 2 | Affected Software 1
OSV
added 2017/04/01 2:59 a.m. | 16 views

CVE-2017-7391

A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajaxgettime.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 3