CKEditor - posteddata.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/58045/info CKEditor is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
AbanteCart 'index.php' Multiple Cross Site Scripting Vulnerabilities
Webapps exploit for php platform. source: http://www.securityfocus.com/bid/57948/info AbanteCart is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverag...
Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities
Document Title: Sonicwall OEM Scrutinizer v9.5.2 - Multiple Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=786 Release Date: 2013-02-13. Vulnerability Laboratory ID (VL-ID): ...
Microsoft Windows Object Linking and Embedding (OLE) Automation Remote Code Execution Vulnerability
Description: Microsoft Windows Object Linking and Embedding (OLE) Automation is prone to a remote code-execution vulnerability due to an integer overflow error. An attacker can exploit this issue by enticing an unsuspecting user to view a malicious webpage or a specially crafted file. Successful...
Cisco NAC Appliance Cross-Site Scripting Vulnerability
Cisco NAC Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker could explo...
WordPress Theme Pinboard - 'tab' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57873/info The Pinboard theme for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
MantisBT search.php match_type Parameter XSS
The version of MantisBT installed on the remote host fails to properly sanitize user-supplied input to the 'match_type' parameter of the 'search.php' script before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a...
Advantech WebAccess HMI and SCADA Software Cross-Site Scripting
A cross site scripting vulnerability has been reported in Advantech WebAccess HMI/SCADA software. The vulnerability is due to improper validation of input passed via the 'ProjDesc' parameter. A remote attacker can exploit this vulnerability to execute arbitrary HTML and script code in a browser...
WordPress Plugin CommentLuv - '_ajax_nonce' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57771/info The CommentLuv plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin CommentLuv - _ajax_nonce Cross-Site Scripting
source: https://www.securityfocus.com/bid/57771/info The CommentLuv plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue...
LogAnalyzer userchange.php 'viewid' Parameter XSS
The LogAnalyzer install hosted on the remote web server is affected by a cross-site scripting vulnerability due to a failure to properly sanitize user input to the 'viewid' parameter of the 'userchange.php' script. An attacker can exploit this issue to inject arbitrary HTML and script code into a...
Cisco Unity Express Multiple XSS and CSRF Vulnerabilities (Cisco-SA-20130201-CVE-2013-1114, Cisco-SA-20130201-CVE-2013-1120) - Active Check
Cisco Unity Express is prone to multiple cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Joomla! 2.5.x < 2.5.7 Multiple XSS
According to its self-reported version number, the Joomla! installation running on the remote web server is 2.5.x prior to 2.5.7. It is, therefore, affected by multiple cross-site scripting (XSS) vulnerabilities: - A cross-site scripting (XSS) vulnerability exists in the defaultsystem.php script due...
WordPress Flashnews Theme - Multiple Input Validation Vulnerabilities
This Flashnews theme is prone to multiple input-validation vulnerabilities. An attacker may be able to disclose sensitive information, execute arbitrary script code in the browser, cause denial-of-service conditions or steal cookie-based authentication credentials. Other attacks are also possible. Solution...
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/57676/info The flashnews Theme for WordPress is prone to multiple input-validation vulnerabilities. An attacker may leverage these issues to cause denial-of-service conditions, disclose sensitive information, upload arbitrary files to the affected compute...
WordPress Theme flashnews - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/57676/info The flashnews Theme for WordPress is prone to multiple input-validation vulnerabilities. An attacker may leverage these issues to cause denial-of-service conditions, disclose...
WordPress Plugin Audio Player - playerID Cross-Site Scripting
source: https://www.securityfocus.com/bid/57848/info The Audio Player plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue ...
WordPress Plugin Audio Player - 'playerID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/57848/info The Audio Player plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Dell OpenManage Server Administrator Multiple XSS Vulnerabilities
Dell OpenManage Server Administrator is prone to multiple cross site scripting vulnerabilities.
Multiple Cross-Site Scripting (XSS) in glFusion
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in glFusion, which can be exploited to perform Cross-Site Scripting attacks. glFusion has a "badbehaviour" plugin installed by default that verifies HTTP Referer, aimed to protect against spambots. The plugin also make...