6666 matches found

OpenVAS
added 2017/02/16 12:0 a.m., 24 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170215-cucm1)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Copyright (C) 2017 Greenbon...

CVSS 6.1, AI score 6.1, EPSS 0.01543
Exploits: 0, References: 1
OpenVAS
added 2017/02/16 12:0 a.m., 20 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (cisco-sa-20170215-cucm2)

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. Copyright (C) 2017 Greenbon...

CVSS 6.1, AI score 6.1, EPSS 0.01543
Exploits: 0, References: 1
OpenVAS
added 2017/02/16 12:0 a.m., 23 views

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a...

CVSS 5.4, AI score 5.3, EPSS 0.00615
Exploits: 0, References: 1
Cisco
added 2017/02/15 4:0 p.m., 50 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due ...

CVSS 6.1, AI score 6.1, EPSS 0.01543
Exploits: 0, References: 1
Cisco
added 2017/02/15 4:0 p.m., 28 views

Cisco Firepower Management Center Web Framework Cross-Site Scripting Vulnerability

A vulnerability in the web framework of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface. The vulnerability occurs because the affected software fails to perform sufficient validation a...

CVSS 4.8, AI score 5.3, EPSS 0.00615
Exploits: 0, References: 1
Cisco
added 2017/02/15 4:0 p.m., 26 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due ...

CVSS 6.1, AI score 6.1, EPSS 0.01543
Exploits: 0, References: 1
NVD
added 2017/02/12 4:59 a.m., 17 views

CVE-2017-5964

An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a...

CVSS 6.1, AI score 6.4, EPSS 0.00918
Exploits: 1, References: 2
NVD
added 2017/02/12 4:59 a.m., 11 views

CVE-2017-5963

An issue was discovered in caddy for TYPO3 before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/payment.php" URL. An attacker could execute...

CVSS 6.1, AI score 6.4, EPSS 0.01027
Exploits: 1, References: 2
NVD
added 2017/02/12 4:59 a.m., 21 views

CVE-2017-5962

An issue was discovered in contextswurfl for TYPO3 before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "forceua" HTTP GET parameter passed to the "/contextswurfl/Library/wurfl-dbapi-1.4.4.0/checkwurfl.php" URL. An attacker could execute arbitrary HTM...

CVSS 6.1, AI score 6.4, EPSS 0.00761
Exploits: 0, References: 2
Prion
added 2017/02/12 4:59 a.m., 15 views

Authorization

An issue was discovered in contextswurfl for TYPO3 before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "forceua" HTTP GET parameter passed to the "/contextswurfl/Library/wurfl-dbapi-1.4.4.0/checkwurfl.php" URL. An attacker could execute arbitrary HTM...

CVSS 4.3, AI score 6.4, EPSS 0.00761
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2017/02/12 4:43 a.m., 41 views

CVE-2017-5964

The CVE affects Emoncms up to version 9.8.0, where insufficient filtering of user-supplied data in multiple HTTP GET parameters passed to emoncms-master/Modules/vis/visualisations/compare.php allows an attacker to inject arbitrary HTML/JavaScript in a victim’s browser. The issue is caused by inad...

CVSS 6.1, AI score 6.4, EPSS 0.00918
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2017/02/12 4:43 a.m., 16 views

CVE-2017-5964

An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could execute arbitrary HTML and script code in a...

AI score 6.5, EPSS 0.00918
Exploits: 1, References: 2
NVD
added 2017/02/10 7:59 a.m., 12 views

CVE-2017-5945

An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodllaudiourl" HTTP GET parameter passed to the "filterpoodllmoodle322016112802/poodll/mp3recorderskins/brazil/index.php" URL. An...

CVSS 6.1, AI score 6.4, EPSS 0.00874
Exploits: 1, References: 2
CVE
added 2017/02/10 6:51 a.m., 44 views

CVE-2017-5945

The CVE-2017-5945 issue affects the Moodle PoodLL Filter plugin (up to version 3.0.20). The root cause is insufficient filtration of user-supplied data in the poodll_audio_url HTTP GET parameter passed to the filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php URL. This lea...

CVSS 6.1, AI score 6.4, EPSS 0.00874
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2017/02/10 6:51 a.m., 22 views

CVE-2016-10215

An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-builder/ajax/redraw-field.php" URL. An attacke...

AI score 6.4, EPSS 0.00774
Exploits: 0, References: 1
Tenable Nessus
added 2017/02/08 12:0 a.m., 14 views

Atlassian Confluence Server 5.10.x < 5.10.6 XSS

Binary data 9942.prm...

CVSS 6.1, AI score 7.3, EPSS 0.03826
Exploits: 3, References: 2
Exploit DB
added 2017/01/29 12:0 a.m., 136 views

TrueConf Server 4.3.7 - Multiple Vulnerabilities

TrueConf Server v4.3.7 Multiple Remote Web Vulnerabilities Vendor: TrueConf LLC Product web page: https://www.trueconf.com Affected version: 4.3.7.12255 and 4.3.7.12219 Summary: TrueConf Server is a powerful, high-quality and highly secured video conferencing software server. It is specially...

AI score 7.4
Exploits: 0
OpenVAS
added 2017/01/23 12:0 a.m., 20 views

MantisBT < 1.2.19, 1.3.0 'view_type' XSS Vulnerability - Linux

MantisBT is prone to a cross-site scripting (XSS) vulnerability. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software...

CVSS 6.1, AI score 6, EPSS 0.03691
Exploits: 0, References: 2
ICS
added 2017/01/19 12:0 a.m., 51 views

Schneider Electric homeLYnk Controller

CVSS V3 6.3 ATTENTION: Remotely exploitable/low skill level to exploit Vendor: Schneider Electric Equipment: homeLYnk Controller, LSS100100 Vulnerability: Cross-site Scripting AFFECTED PRODUCTS Schneider Electric reports that the vulnerability affects the following products: homeLYnk Controller,...

CVSS 6.1, AI score 7, EPSS 0.01463
Exploits: 0, References: 26
OpenVAS
added 2017/01/17 12:0 a.m., 12 views

ManageEngine ADManager Plus < 6.5 build 6541 Multiple Vulnerabilities

ManageEngine ADManager Plus is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score 5.7
Exploits: 0, References: 1