Cross site scripting

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is du...

Cisco Data Center Analytics Framework Stored Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Data Center Analytics Framework could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due t...

Atlassian Jira < 4.1.1 Multiple Vulnerabilities

According to its self-reported version number, the version of Atlassian JIRA hosted on the remote web server is prior to 4.1.1. It is, therefore, potentially affected by multiple vulnerabilities : - Remote authenticated attackers can exploit the privilege-escalation issue to gain SYSTEM-level...

PHP < 5.6.33, 7.x < 7.0.27, 7.1.x < 7.1.13, 7.2.x < 7.2.1 Multiple Vulnerabilities - Windows

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

Cross site scripting

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet PoE and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attac...

Cross site scripting

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

Input validation

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...

CVE-2017-12308

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...

CVE-2018-0091

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

Cisco WAP150 Wireless Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet PoE and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attac...

Cisco Identity Services Engine DOM Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

BSA-2018-525

Security Advisory ID : BSA-2018-525 Component : Fabric OS Web GUI Revision : 1.0: Initial XSS vulnerabilities in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS FOS could allow remote unauthenticated attackers to execute arbitrary script code in...

PHP 5.6.x < 5.6.33 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.33. It is, therefore, affected by multiple vulnerabilities : - A potential infinite loop in gdImageCreateFromGifCtx. CVE-2018-5711 - A reflected XSS in .phar 404 page exists due to improper validati...

PHP 7.0.x < 7.0.27 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 7.0.x prior to 7.0.27. It is, therefore, affected by the following vulnerabilities : - A denial of service DoS vulnerability exists in the imagecreatefromgif and imagecreatefromstring functions of the gdgifin.c script...

CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

CVE-2018-0118

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is due to...

ZKTeco ZKAccess Security System 5.3.1 Stored XSS Vulnerability

Summary ZKAccess Systems are built on flexible, open technology to provide management, real-time monitoring, and control of your access control system-all from a browser, with no additional software to install. Our secure Web-hosted infrastructure and centralized online administration reduce your...

Easy!Appointments v1.2.1 Multiple Stored XSS Vulnerabilities

Summary Easy!Appointments is a highly customizable web application that allows your customers to book appointments with you via the web. Moreover, it provides the ability to sync your data with Google Calendar so you can use them with other services. It is an open source project and you can...