6665 matches found

Cvelist
added 2016/12/15 6:31 a.m., 18 views

CVE-2016-6854

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwant...

6.3 AI score, 0.00768 EPSS
Exploits 5, References 4

Cvelist
added 2016/12/15 6:31 a.m., 16 views

CVE-2016-6845

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code within hyperlinks at HTML E-Mails is not getting correctly sanitized when using base64 encoded "data" resources. This allows an attacker to provide hyperlinks that may execute script code instead of directing to a...

6.3 AI score, 0.00265 EPSS
Exploits 0, References 2

Cvelist
added 2016/12/15 6:31 a.m., 18 views

CVE-2016-2840

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. The "session" parameter for file-download requests can be used to inject script code that gets reflected through the subsequent status page. Malicious script code can be executed within a trusted domain's context...

6.2 AI score, 0.00627 EPSS
Exploits 0, References 3

CVE
added 2016/12/15 6:31 a.m., 39 views

CVE-2016-5124

Open-Xchange OX App Suite (frontend) is affected by CVE-2016-5124. Before 7.8.1-rev14, dragging and dropping images from external sources into HTML editors (e.g., E‑Mail Compose, OX Text) can inject script code in the user’s context, bypassing XSS filters. Exploitation requires user social engine...

6.1 CVSS, 6.2 AI score, 0.00462 EPSS
Exploits 1, References 4, Affected Software 1

Cvelist
added 2016/12/15 6:31 a.m., 17 views

CVE-2016-6850

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. SVG files can be used as profile pictures. In case their XML structure contains iframes and script code, that code may get executed when calling the related picture URL or viewing the related person's image within a browser...

6.3 AI score, 0.00265 EPSS
Exploits 0, References 2

Cvelist
added 2016/12/15 6:31 a.m., 14 views

CVE-2016-6843

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Script code can be injected to contact names. When adding those contacts to a group, the script code gets executed in the context of the user which creates or changes the group by using autocomplete. In most cases this is a...

6.3 AI score, 0.002 EPSS
Exploits 0, References 2

Tenable Nessus
added 2016/12/09 12:0 a.m., 12 views

MediaWiki 1.23.x < 1.23.15 / 1.26.x < 1.26.4 / 1.27.x < 1.27.1 Multiple Vulnerabilities

7.5 CVSS, 7.3 AI score, 0.00339 EPSS
Exploits 0, References 8

OpenVAS
added 2016/12/08 12:0 a.m., 19 views

SPIP 3.1.3 'rac' Parameter XSS Vulnerability

SPIP is prone to a cross-site scripting (XSS) vulnerability. CPE: "cpe:/a:spip:spip"...

6.1 CVSS, 5.9 AI score, 0.00252 EPSS
Exploits 0, References 2

OpenVAS
added 2016/11/26 12:0 a.m., 22 views

Cisco Meeting Server Cross-Site Scripting Vulnerability (cisco-sa-20160714-ms)

Cisco Meeting Server is prone to a cross-site scripting (XSS) vulnerability...

6.1 CVSS, 6.1 AI score, 0.0025 EPSS
Exploits 0, References 4

CNVD
added 2016/11/24 12:0 a.m., 1 views

IBM Tivoli Storage Manager FastBack Stack Buffer Overflow Vulnerability

IBM Tivoli Storage Manager FastBack is a suite of software from IBM USA that provides continuous data protection and recovery management capabilities for Microsoft Windows and Linux servers. A stack buffer overflow vulnerability exists in IBM Tivoli Storage Manager FastBack due to a failure to...

7.5 AI score
Exploits 0, References 1

Symantec
added 2016/11/08 12:0 a.m., 27 views

Microsoft Edge and Internet Explorer XSS Filter CVE-2016-7239 Information Disclosure Vulnerability

Microsoft Edge and Internet Explorer are prone to an information-disclosure vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute...

2.6 CVSS, 0.5 AI score, 0.1353 EPSS
Exploits 1, Affected Software 1

OpenVAS
added 2016/10/28 12:0 a.m., 26 views

Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed to the web...

6.1 CVSS, 6.6 AI score, 0.0027 EPSS
Exploits 0, References 1

OpenVAS
added 2016/10/28 12:0 a.m., 21 views

Cisco Prime Collaboration Provisioning Cross-Site Scripting Vulnerability

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system...

6.1 CVSS, 6.3 AI score, 0.00489 EPSS
Exploits 0, References 1

Cisco
added 2016/10/26 4:0 p.m., 22 views

Cisco IP Interoperability and Collaboration System Cross-Site Scripting Vulnerability

A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of some parameters passed to the web...

4.3 CVSS, 6.1 AI score, 0.0027 EPSS
Exploits 0, References 1

OpenVAS
added 2016/10/21 12:0 a.m., 37 views

Google Chrome Security Updates (stable-channel-update-for-desktop-2016-10) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. CPE: "cpe:/a:google:chrome"...

10 CVSS, 6.8 AI score, 0.00858 EPSS
Exploits 0, References 1

Check Point Advisories
added 2016/09/18 12:0 a.m., 1 views

Mantis Bug Tracker Filter API view_type Cross Site Scripting (CVE-2016-6837)

A cross-site scripting vulnerability exists in the Filter API component of Mantis Bug Tracker. The vulnerability is due to insufficient input validation on the view_type parameter in view_all_bug_page.php. A remote attacker could exploit this vulnerability by enticing authenticated users to click on ...

4.3 CVSS, 5.7 AI score, 0.00944 EPSS
Exploits 0

OpenVAS
added 2016/09/15 12:0 a.m., 22 views

PRTG Network Monitor XSS Vulnerability

PRTG Network Monitor is prone to a cross-site scripting vulnerability...

6.1 CVSS, 6.4 AI score, 0.0024 EPSS
Exploits 0, References 1

Symantec
added 2016/09/13 12:0 a.m., 28 views

Microsoft Internet Explorer CVE-2016-3353 Security Bypass Vulnerability

Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. This could allow the attacker to bypass certain security restrictions. This may lead to othe...

5.1 CVSS, 0.2 AI score, 0.11259 EPSS
Exploits 1, Affected Software 1

0day.today
added 2016/09/13 12:0 a.m., 37 views

Open-Xchange Guard 2.4.2 - Multiple Cross Site Scripting

Exploit for linux platform in category web applications. Product: OX Guard; Vendor: OX Software GmbH; Internal reference: 47878 (Bug ID); Vulnerability type: Cross Site Scripting (CWE-80); Vulnerable version: 2.4.2 and earlier; Vulnerable component: guard; Report confidence: Confirmed; Solution status: Fixed...

4.3 CVSS, 6.3 AI score, 0.01374 EPSS
Exploits 7

Symantec
added 2016/09/13 12:0 a.m., 33 views

Microsoft Exchange Server CVE-2016-3379 Cross Site Scripting Vulnerability

Microsoft Exchange Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow...

4.3 CVSS, 0.2 AI score, 0.07631 EPSS
Exploits 0, References 1, Affected Software 1