Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-32475)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center due to the program failing to properly filter user-supplied input. An attacker could...

Kohana Security Component Cross-Site Scripting Vulnerability

Kohana is the Kohana team developed a set of MVC model based on the construction of PHP5 framework. security component is one of the security components . A cross-site scripting vulnerability exists in the Security component of Kohana versions prior to 3.3.6. A remote attacker can inject arbitrar...

Stored Cross-site Scripting Vulnerability in yiifcms v1.5

yiifcms is a content management system CMS developed on the yii framework. A stored cross-site scripting vulnerability exists in yiifcms v1.5, due to the system failing to strictly filter nickname and personality signature input. Attackers can use this vulnerability to obtain COOKIE information, ...

CVE-2017-6776

A vulnerability in the web framework of Cisco Elastic Services Controller ESC could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against a user of the web interface. The vulnerability is due to insufficient validation of user-supplied input by the affecte...

HPE Project and Portfolio Management Center Cross-Site Scripting Vulnerability

HPE Project and Portfolio Management Center PPM is a suite of solutions from Hewlett Packard Enterprise HPE that provides project executives with the visibility and strategic operational needs to make decisions based on real-time visibility into the project lifecycle of the project portfolio. A...

Cisco Industrial Network Director Cross-Site Scripting Vulnerability

Cisco Industrial Network Director is an industrial automation management system from Cisco. The system automates the management of industrial Ethernet infrastructure by visualizing its operation. A cross-site scripting vulnerability exists in the web interface of Cisco Industrial Network Director...

Multiple cross-site scripting vulnerabilities in ScreenOS

Overview ScreenOS provided by Juniper Networks contains multiple cross-site scripting vulnerabilities. Toshitsugu Yoneyama and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

IBM Tivoli Monitoring Portal Arbitrary Code Execution Vulnerability

IBM Tivoli Monitoring ITM is a suite of system monitoring software from IBM in the United States. The software supports the detection of system bottlenecks and potential problems, performance monitoring of basic system resources, and automatic recovery from critical situations. An arbitrary comma...

EMC RSA Authentication Manager Cross-Site Scripting Vulnerability (CNVD-2017-24569)

EMC RSA Authentication Manager is a centralized binary authentication software from EMC. The software centralizes the management of binary authentication, security tokens, methods and users across physical sites. A cross-site scripting vulnerability exists in EMC RSA Authentication Manager 8.2 SP...

Multiple Cross-Site Scripting Vulnerabilities in Schneider Electric Pelco Sarix/Spectra Cameras

Pelco Sarix/Spectra Cameras is a camera offered by Pelco. Schneider Electric Pelco Sarix/Spectra Cameras has multiple cross-site scripting vulnerabilities that can be exploited by attackers to execute arbitrary HTML and script code...

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon provided by Cybozu, Inc. contains a cross-site scripting in the application menu. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact An arbitrary script may be executed on the logged-in user's web browser. Solution Upda...

Cross-site Scripting Vulnerability in multiple Hitachi products

Overview A cross-site scripting vulnerability was found in uCosminexus Portal Framework, Groupmax Collaboration, Hitachi Navigation Platform and JP1/Navigation Platform. Impact Remote users can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor...

Kaspersky Anti-Virus for Linux File Server Reflective Cross-Site Scripting Vulnerability

Kaspersky Anti-Virus for Linux File Server is designed to provide antivirus protection for file servers running under the Linux operating system. A reflected cross-site scripting vulnerability exists in Kaspersky Anti-Virus for Linux File Server. The vulnerability allows an attacker to execute...

Sitecore CMS 'searchStr' Parameter Cross-Site Scripting Vulnerability

Sitecore CMS is a content management system. A cross-site scripting vulnerability exists in the Sitecore CMS 'searchStr' parameter. As the program fails to sanitize to user-supplied input. An attacker could exploit the vulnerability to execute arbitrary code in a user's browser script on the...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15836)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the Web Framework in Cisco Firepower Management Center 5.4.1 and prior versions, which arises from the program failing to...

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-15830)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco Cisco. A cross-site scripting vulnerability exists in the web framework code in Cisco Firepower Management Center versions prior to 6.0.0.0, which arises from the program's...

HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution Exp

Exploit for hardware platform in category remote exploits Create a bind shell on an unpatched OfficeJet 8210 Write a script to profile.d and reboot the device. When it comes back online then nc to port 1270. easysnmp instructions: sudo apt-get install libsnmp-dev pip install easysnmp import socke...

Microsoft Outlook Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially crafted email messages. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or...

Cross-site scripting vulnerability in WordPress plugin "WordPress Download Manager"

Overview The WordPress plugin "WordPress Download Manager" provided by W3 Eden, Inc. contains a cross-site scripting vulnerability CWE-79. Gen Sato of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...

Cybozu KUNAI for Android vulnerable to cross-site scripting

Overview Cybozu KUNAI for Android is mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android contains a cross-site scripting vulnerability CWE-79 due to an issue in mobile view mode. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its...