CVE-2018-6823

In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the com.feingeist.shimo.helper tool LaunchDaemon implements an unprotected XPC service that can be abused to execute scripts as root...

CVE-2017-15706

As part of the fix for bug 61201, the documentation for Apache Tomcat 9.0.0.M22 to 9.0.1, 8.5.16 to 8.5.23, 8.0.45 to 8.0.47 and 7.0.79 to 7.0.82 included an updated description of the search algorithm used by the CGI Servlet to identify which script to execute. The update was not correct. As a...

CloudBees Jenkins Active Choices Plugin HTML Injection Vulnerability

CloudBees Jenkins formerly known as Hudson Labs is the U.S. CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and a number of timed tasks . Active Choices is used in one o...

WordPress plugin "WP Retina 2x" vulnerable to cross-site scripting

Overview The WordPress plugin "WP Retina 2x" contains a reflected cross-site scripting vulnerability CWE-79. Chris Liu reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on a...

Elasticsearch Kibana Cross-Site Scripting Vulnerability

Elasticsearch Kibana formerly known as elasticsearch-dashboard is a suite of open-source, browser-based analytics and search Elasticsearch dashboard tools from the Dutch company Elasticsearch. A cross-site scripting vulnerability exists in Elasticsearch Kibana versions 5.6.6 and 6.1.2, which stem...

Cross site scripting

Potential security vulnerabilities have been identified with HP JetAdvantage Security Manager before 3.0.1. The vulnerabilities could potentially be exploited to allow stored cross-site scripting which could allow a hacker to execute scripts in a user's browser...

CVE-2017-2745

The CVE-2017-2745 entry concerns HP JetAdvantage Security Manager prior to version 3.0.1, which is susceptible to stored cross-site scripting (XSS). The vulnerability arises in the application’s handling of data in a way that could allow a malicious actor to inject and execute scripts in a user’s...

CVE-2017-12308

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct an HTTP response splitting attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation ...

CVE-2018-0091

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an unauthenticated, remote attacker to conduct a Document Object Model DOM cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The...

Cross site scripting

A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting XSS attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input...

CVE-2018-0098

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet PoE and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attac...

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2018-01388)

Cisco Unified Communications Manager CUCM, Unified CM, CallManager is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting...

Microsoft SharePoint Enterprise Server Cross-Site Scripting Vulnerability

Microsoft SharePoint Enterprise Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enables you to share work, collaborate with others, organize projects and workgroups, and search for people and information. A...

Trend Micro Smart Protection Server Incorrect Access Control Vulnerability

Trend Micro Smart Protection Server is the next generation of cloud-based advanced protection solutions. An incorrect access control vulnerability exists in Trend Micro Smart Protection Server. An attacker can exploit the vulnerability to obtain cookie authentication credentials, execute arbitrar...

TYPO3 Recommend Page Extension Cross-Site Scripting Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF maintained by the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the TYPO3 Recommend Page extension due to the program failing to properly filter user-supplied input. An attacker could use the...

Cisco UCS Central Software Cross-Site Scripting Vulnerability (CNVD-2017-36134)

Cisco UCS Central Software is the United States Cisco Cisco company's set of global Cisco UCS Unified Computing System resources for server management and monitoring solutions. A cross-site scripting vulnerability exists in the web-based management interface of Cisco UCS Central Software, which...

Multiple vulnerabilities in multiple Buffalo broadband routers

Overview BBR-4HG and BBR-4MG provided by BUFFALO INC. are wireless LAN routers. BBR-4HG and BBR-4MG contain multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2017-10896 Improper Input Validation CWE-20 - CVE-2017-10897 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions,...

Cross-site Scripting Vulnerability in JP1/Operations Analytics

Overview A cross-site scripting vulnerability was found in JP1/Operations Analytics. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

CVE-2017-12356

A vulnerability in the web-based management interface of Cisco Jabber for Windows, Mac, Android, and iOS could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web-based management interface of an affected device. The vulnerability is du...

Cisco Registered Envelope Service Cross-Site Scripting Vulnerability (CNVD-2017-34811)

Cisco Registered Envelope Service is a set of mail service solutions from Cisco USA. The product includes read receipts for mail, mail recycling, mail forwarding and reply functions, and provides smartphone support. A cross-site scripting vulnerability exists in the web interface in Cisco...