6714 matches found
Subrion cross-site scripting vulnerability (CNVD-2018-14782)
Subrion CMS is a PHP-based content management system (CMS) developed by the Subrion team. The system can be integrated into a website and supports a wide range of extensions, plug-ins and more. A cross-site scripting vulnerability exists in uploads/.htaccess in Subrion CMS version 4.2.1, which stems...
CVE-2017-7463
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of...
Design/Logic Flaw
JBoss BRMS 6 and BPM Suite 6 before 6.4.3 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of...
WordPress Strong Testimonials Plugin Has Multiple Cross-Site Scripting Vulnerabilities
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress Strong Testimonials plugin, which can be exploited by an...
WordPress Gwolle Guestbook plugin cross-site scripting vulnerability (CNVD-2018-13972)
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Gwolle Guestbook plugin, which can be exploited by an attacker t...
Cisco Webex Cross-Site Scripting Vulnerability (CNVD-2018-14204)
Cisco WebEx is a set of web conferencing tools from Cisco (United States) that helps off-site office workers coordinate and collaborate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM). A cross-site scripting...
WordPress plugin "FV Flowplayer Video Player" vulnerable to cross-site scripting
Overview: The WordPress plugin "FV Flowplayer Video Player" provided by Foliovision contains a cross-site scripting vulnerability (CWE-79). Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary...
CVE-2016-9486
CVE-2016-9486 affects ForeScout CounterACT's Windows SecureConnector agent. The agent downloads and runs scripts/executables from the current user’s TEMP directory while executing a SYSTEM-level batch file, creating insecure permissions and enabling privilege escalation for a local unprivileged u...
Code injection
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the...
CVE-2018-8024
In Apache Spark 2.1.0 to 2.1.2, 2.2.0 to 2.2.1, and 2.3.0, it's possible for a malicious user to construct a URL pointing to a Spark cluster's UI's job and stage info pages, and if a user can be tricked into accessing the URL, can be used to cause script to execute and expose information from the...
CVE-2018-8024
Apache Spark UI cross-site scripting (CVE-2018-8024) affects Spark UI before 2.3.2, including 2.1.0–2.1.2, 2.2.0–2.2.1, and 2.3.0. A malicious user can craft a URL to the Spark UI’s /jobs/ endpoint; if a user visits the URL, JavaScript can execute in the victim’s browser within the Spark UI conte...
Cisco Web Security Appliance Cross-Site Scripting Vulnerability (CNVD-2018-13760)
Cisco Web Security Appliance (WSA) is a set of web security appliances from Cisco (USA). The appliance provides SaaS-based access control, real-time network reporting and tracking, and the development of security policies. A cross-site scripting vulnerability exists in the web-based management...
Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability
Microsoft Active Directory Federation Services (ADFS) is an Active Directory federation service from Microsoft. The service provides Web Single Sign-On (SSO) technology, which enables authentication of a user to multiple websites or applications during a single session. A cross-site scripting...
JVN#63895206: Multiple vulnerabilities in Calsos CSDX and CSDJ series products
Calsos CSDX and CSDJ series products provided by NEC Platforms, Ltd. contain multiple vulnerabilities listed below. Access Restriction Bypass (CWE-284) - CVE-2018-0613

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | Base Score: 8.8
CVSS v2 |...
Mailman vulnerable to cross-site scripting
Overview: Mailman provided by GNU Mailman contains a stored cross-site scripting vulnerability (CWE-79). Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...
Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2018-12400)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A cross-site scripting vulnerability exists in Mozilla Firefox versions prior to 59, where the program fails to properly validate user-submitted input. The vulnerability can be exploited by a...
CA Privileged Access Manager Cross-Site Scripting Vulnerability
CA Privileged Access Manager is a privileged access manager from CA (USA) that centralizes privileged user policies across multiple physical and virtual environments and manages and controls access to IT resources. A cross-site scripting vulnerability exists in version 2.x of CA Privileged...
CVE-2018-9027
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link...
VOOKI - Web Application Vulnerability Scanner
Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool with which you can easily scan any web application and find vulnerabilities. Vooki includes a Web Application Scanner, a REST API Scanner, and a reporting section. Vooki – Web Application Scanner can help you to find the...
Security Bulletin: Multiple vulnerabilities in IBM SPSS Collaboration and Deployment Services
Summary: Multiple vulnerabilities exist in IBM SPSS Collaboration and Deployment Services. See the individual descriptions for details. Vulnerability Details: CVEID: CVE-2013-4044 DESCRIPTION: An authenticated remote attacker can send an HTTP request to retrieve the content of...