6665 matches found

Cvelist
added 2017/03/05 8:0 p.m., 11 views

CVE-2017-6486

A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could execute arbitrary HTML and script code in a...

5.9 AI score, 0.00262 EPSS
Exploits 1, References 2
CVE
added 2017/03/05 8:0 p.m., 39 views

CVE-2017-6487

CVE-2017-6487 describes multiple XSS vulnerabilities in EPESI 1.8.1.1 due to insufficient filtration of user-supplied data (state, element, id, tab, cid) passed to EPESI-master/modules/Utils/RecordBrowser/favorites.php. Reported impacts: an attacker could inject arbitrary HTML/script code execute...

6.1 CVSS, 6 AI score, 0.00211 EPSS
Exploits 1, References 2, Affected Software 1
CVE
added 2017/03/05 8:0 p.m., 43 views

CVE-2017-6489

EPESI ≤ 1.8.1.1 contains multiple Cross-Site Scripting (XSS) flaws due to insufficient sanitization of user-supplied data (element, state, cat, id, cid) passed to the Subscribe endpoint. The identified vulnerable component is EPESI-master/modules/Utils/Watchdog/subscribe.php, which can process un...

6.1 CVSS, 6 AI score, 0.00211 EPSS
Exploits 1, References 2, Affected Software 1
Cvelist
added 2017/03/05 8:0 p.m., 19 views

CVE-2017-6483

Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor 2.2.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages langcode in themes//admin/systempreferences/languageedit.tmpl.php. An attacker could execute arbitrary HTML and script...

6.1 AI score, 0.00301 EPSS
Exploits 1, References 2
Cvelist
added 2017/03/05 8:0 p.m., 14 views

CVE-2017-6481

Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam 1.2. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to several pages (instructions in app/admin/instructions/preview.php; subnetId in app/admin/powerDNS/refresh-ptr-records.php). An attacker...

6.1 AI score, 0.00301 EPSS
Exploits 1, References 2
OSV
added 2017/03/02 6:59 a.m., 17 views

CVE-2017-6396

An issue was discovered in WPO-Foundation WebPageTest 3.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerabl...

6.1 CVSS, 7.1 AI score, 0.00264 EPSS
Exploits 0, References 3
Prion
added 2017/03/02 6:59 a.m., 14 views

Authorization

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

4.3 CVSS, 6.4 AI score, 0.00284 EPSS
Exploits 0, References 3, Affected Software 1
Prion
added 2017/03/02 6:59 a.m., 12 views

Cross site scripting

Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR 5.0.0 and 5.0.1-dev. The vulnerabilities exist due to insufficient filtration of user-supplied data passed to the "openemr-master/gacl/admin/objectsearch.php" URL (sectionvalue; srcform). An attacker could execute arbitrary HTML an...

4.3 CVSS, 6.1 AI score, 0.00471 EPSS
Exploits 1, References 3, Affected Software 1
NVD
added 2017/03/02 6:59 a.m., 8 views

CVE-2017-6390

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

6.1 CVSS, 6.4 AI score, 0.00284 EPSS
Exploits 0, References 3
Prion
added 2017/03/02 6:59 a.m., 8 views

Authorization

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

4.3 CVSS, 6.4 AI score, 0.00284 EPSS
Exploits 0, References 3, Affected Software 1
Prion
added 2017/03/02 6:59 a.m., 6 views

Authorization

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "server-Lynx-12.11.0/adminconsole/web/tools/XmlJWPlayer.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the contex...

4.3 CVSS, 6.4 AI score, 0.00284 EPSS
Exploits 0, References 3, Affected Software 1
OSV
added 2017/03/02 6:59 a.m., 13 views

CVE-2017-6391

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

6.1 CVSS, 7.1 AI score
Exploits 0, References 3
NVD
added 2017/03/02 6:59 a.m., 14 views

CVE-2017-6391

An issue was discovered in Kaltura server Lynx-12.11.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "adminconsole/web/tools/SimpleJWPlayer.php" URL, the "adminconsole/web/tools/AkamaiBroadcaster.php" URL, the "adminconsole/web/tools/bigRedButton.php...

6.1 CVSS, 6.4 AI score, 0.00284 EPSS
Exploits 0, References 3
Prion
added 2017/03/02 6:59 a.m., 13 views

Authorization

An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/stdtable.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

4.3 CVSS, 6.3 AI score, 0.00287 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2017/03/02 6:59 a.m., 10 views

CVE-2017-6390

An issue was discovered in whatanime.ga before c334dd8499a681587dd4199e90b0aa0eba814c1d. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "whatanime.ga-master/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...

6.1 CVSS, 7.1 AI score
Exploits 0, References 3
OSV
added 2017/03/02 6:59 a.m., 14 views

CVE-2017-6393

An issue was discovered in NagVis 1.9b12. The vulnerability exists due to insufficient filtration of user-supplied data passed to the "nagvis-master/share/userfiles/gadgets/stdtable.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

6.1 CVSS, 7.1 AI score
Exploits 0, References 2
CVE
added 2017/03/02 6:0 a.m., 46 views

CVE-2017-6390

CVE-2017-6390 impacts whatanime.ga due to insufficient filtration of user-supplied data passed to the path “whatanime.ga-master/index.php”. The connected CNVD entry describes a cross-site scripting vulnerability where an attacker can cause arbitrary HTML/JavaScript to execute in a browser con...

6.1 CVSS, 6.3 AI score, 0.00284 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2017/03/02 6:0 a.m., 10 views

CVE-2017-6397

An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several -sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...

6.4 AI score, 0.00234 EPSS
Exploits 1, References 2
OpenVAS
added 2017/02/17 12:0 a.m., 21 views

BigTree CMS Potential XSS Attack

BigTree CMS is prone to an XSS vulnerability due to an improper validation of input. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4 CVSS, 5.4 AI score, 0.00129 EPSS
Exploits 0
OpenVAS
added 2017/02/16 12:0 a.m., 22 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170215-cucm1)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Copyright (C) 2017 Greenbon...

6.1 CVSS, 6.1 AI score, 0.0032 EPSS
Exploits 0, References 1