6665 matches found
phpMyAdmin 4.0.x < 4.0.10.15 / 4.4.x < 4.4.15.5 / 4.5.x < 4.5.5.1 Multiple XSS (PMASA-2016-11)
Microsoft Internet Explorer XSS Filter CVE-2016-3212 Security Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a security-bypass vulnerability that affects the XSS Filter. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. They can then execute arbitrary script code in the context of th...
WordPress Kento Post Viewer Counter Plugin Multiple Vulnerabilities
WordPress Kento Post Viewer Counter Plugin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. CPE =...
TYPO3 Bookmark Toolbar XSS Vulnerability (TYPO3-CORE-SA-2016-006)
TYPO3 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:typo3:typo3";...
WordPress Same Origin Method Execution Vulnerability (May 2016) - Windows
WordPress is prone to a same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
Fiyo CMS Cross-Site Scripting Vulnerability (CNVD-2016-03509)
Fiyo CMS is a content management system. Fiyo CMS fails to properly filter user-submitted "name" POST parameter data, which allows remote attackers to execute arbitrary HTML and script code in the affected browsers...
WordPress Same Origin Method Execution Vulnerability (May 2016) - Linux
WordPress is prone to a same origin method execution vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE =...
Microsoft Internet Explorer CVE-2016-0188 Security Bypass Vulnerability
Description: Microsoft Internet Explorer is prone to a security-bypass vulnerability. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a page containing malicious content. An attacker can exploit this issue to execute arbitrary script code in the context of the us...
Bugcrowd Bug Bounty #7 - Persistent Web Vulnerability
Document Title: Bugcrowd Bug Bounty 7 - Persistent Web Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1830 ID: b40f63ed19074014df808599e44684f6a18bb6f4f51cf21948ef78df2f56c13b Release Date: 2016-05-10...
NationBuilder Cross Site Scripting
1 Stored XSS in 'signupnote' POST parameter. PoC: input type="hidden" name="authenticitytoken" value="0ch5v8vyarO/yzmWoLWtOKBVpOjVVaQe/V8yg5jfNO8="...
PHPmongoDB CSRF And XSS Vulnerabilities
PHPmongoDB is prone to multiple cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier...
Piwik < 2.16.0 Unspecified XSS
The version of Piwik running on the remote host is prior to 2.16.0. It is, therefore, affected by an unspecified cross-site scripting (XSS) vulnerability due to a failure to properly validate input before returning it to users. An unauthenticated, remote attacker can exploit this, via a crafted...
Microsoft Edge Proxy Object Universal Cross Site Scripting Vulnerability
This vulnerability allows remote attackers to inject arbitrary script code into arbitrary domains on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
Microsoft XML Core Services CVE-2016-0147 Remote Code Execution Vulnerability
Description: Microsoft XML Core Services is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial-of-service conditions. Technologies Affected: Microsoft Windows 10...
Moodle 2.8.x < 2.8.10 / 2.9.x < 2.9.4 / 3.0.x < 3.0.2 XSS
Cisco Unified Communications Domain Manager Cross-Site Scripting Vulnerability
A vulnerability in the Cisco Unified Communications Domain Manager (Unified CDM) could allow an authenticated, remote attacker to execute a cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation of user-supplied input. An attacker could exploit this vulnerability...
Apache Jetspeed Portal URI Path Reflected XSS
The Apache Jetspeed application running on the remote host is affected by a reflected cross-site scripting (XSS) vulnerability in the /portal script due to improper validation of URI path input before returning it to the users. An unauthenticated, remote attacker can exploit this, via a specially...
Apache ActiveMQ 5.x < 5.13.2 Multiple Vulnerabilities
The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.13.2. It is, therefore, affected by multiple vulnerabilities: - A clickjacking vulnerability exists in the web-based administration console due to not setting the X-Frame-Options header in HTTP responses. A remote attack...
Sophos UTM URL Reflected XSS Vulnerability
Sophos UTM is prone to a reflected cross-site scripting (XSS) vulnerability. Copyright (C) 2016 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later. This program is...
Joomla! Component com_poweradmin 2.3.0 - Multiple Vulnerabilities
RatioSec Research Security Advisory RS-2016-001: JSN PowerAdmin Joomla! Extension Remote Command Execution Via CSRF and XSS vulnerabilities...