Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170215-cucm2)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. Copyright C 2017 Greenbon...

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due ...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due ...

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability occurs because the affected software fails to perform sufficient validation a...

Authorization

An issue was discovered in contextswurfl for TYPO3 before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "forceua" HTTP GET parameter passed to the "/contextswurfl/Library/wurfl-dbapi-1.4.4.0/checkwurfl.php" URL. An attacker could execute arbitrary HTM...

CVE-2017-5963

An issue was discovered in caddy for TYPO3 before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute...

CVE-2017-5964

An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a...

CVE-2017-5962

An issue was discovered in contextswurfl for TYPO3 before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "forceua" HTTP GET parameter passed to the "/contextswurfl/Library/wurfl-dbapi-1.4.4.0/checkwurfl.php" URL. An attacker could execute arbitrary HTM...

CVE-2017-5964

An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a...

CVE-2017-5964

The CVE affects Emoncms up to version 9.8.0, where insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to emoncms-master/Modules/vis/visualisations/compare.php allows an attacker to inject arbitrary HTML/JavaScript in a victim’s browser. The issue is caused by inad...

CVE-2017-5945

An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodllaudiourl" HTTP GET parameter passed to the "filterpoodllmoodle322016112802/poodll/mp3recorderskins/brazil/index.php" URL. An...

CVE-2016-10215

An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacke...

CVE-2017-5945

The CVE-2017-5945 issue affects the Moodle PoodLL Filter plugin (up to version 3.0.20). The root cause is insufficient filtration of user-supplied data in the poodll_audio_url HTTP GET parameter passed to the filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php URL. This lea...

Atlassian Confluence Server 5.10.x < 5.10.6 XSS

Binary data 9942.prm...

TrueConf Server 4.3.7 - Multiple Vulnerabilities

TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities Vendor: TrueConf LLC Product web page: https://www.trueconf.com Affected version: 4.3.7.12255 and 4.3.7.12219 Summary: TrueConf Server is a powerful, high-quality and highly secured video conferencing software server. It is specially...

MantisBT < 1.2.19, 1.3.0 'view_type' XSS Vulnerability - Linux

MantisBT is prone to a cross-site scripting XSS vulnerability. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

Schneider Electric homeLYnk Controller

CVSS V3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following products: homeLYnk Controller,...

ManageEngine ADManager Plus < 6.5 build 6541 Multiple Vulnerabilities

ManageEngine ADManager Plus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Open-Xchange (OX) App Suite Multiple XSS Vulnerabilities

Open-Xchange OX App Suite is prone to multiple cross-site scripting XSS vulnerabilities. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later Thi...