
6714 matches found

OSV
added 2017/04/28 4:59 p.m. | 1 views

CVE-2017-2140

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...

CVSS 8.8 | AI score 5.8 | EPSS 0.0137
Exploits: 0 | References: 2

NVD
added 2017/04/28 4:59 p.m. | 12 views

CVE-2017-2140

Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory...

CVSS 8.8 | AI score 8.6 | EPSS 0.0137
Exploits: 0 | References: 2

CVE
added 2017/04/28 4:0 p.m. | 48 views

CVE-2017-2140

CVE-2017-2140 affects Tablacus Explorer 17.3.30 and earlier. The root cause is improper handling of directory names, leading to a script injection vulnerability that allows arbitrary scripts to run in the context of the application. Impact stated: when a user accesses a crafted directory, an arbi...

CVSS 8.8 | AI score 8.6 | EPSS 0.0137
Exploits: 0 | References: 2 | Affected Software: 1

Nvidia
added 2017/04/27 12:0 a.m. | 36 views

Security Bulletin: NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe (repackaged Node.js)

Vulnerability Details The following section summarizes the vulnerability and CVSS risk assessment. CVE-2017-6250 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper.exe, where untrusted script execution may lead to violation of application execution policy and local code...

CVSS 5 | AI score 7 | EPSS 0.0532
Exploits: 0 | Affected Software: 1

Exploit DB
added 2017/04/25 12:0 a.m. | 37 views

FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery

Exploit Title: XSRF Stored FlySpray 1.0-rc4 XSS2CSRF add admin account Date: 19/04/2017 Exploit Author: Cyril Vallicari / HTTPCS / ZIWIT : https://www.openoffice.org Version: 1.0-rc4 Tested on: Windows 7 x64 SP1 / Kali Linux Description : A vulnerability has been discovered in Flyspray , which ca...

AI score 7
Exploits: 0

CNVD
added 2017/04/24 12:0 a.m. | 2 views

Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability (CNVD-2017-06109)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability due to the program failing to properly filter user-supplied input. An attacker could exploit the...

CVSS 6.1 | AI score 6.8 | EPSS 0.00961
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/04/20 6:11 a.m. | 0 views

WordPress plugin "Booking Calendar" vulnerable to cross-site scripting

Overview: The WordPress plugin "Booking Calendar" provided by wpdevelop contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication Engineering, Tokyo Denki University reported this vulnerability to IPA. JPCERT/C...

CVSS 6.1 | AI score 5.8 | EPSS 0.0085
Exploits: 0 | References: 5

Veracode
added 2017/04/17 2:22 a.m. | 19 views

Cross-site Scripting (XSS)

Morris.js is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the hovering label names. These labels aren't escaped, so if these labels are attacker controlled, malicious script can be executed client side each time a graph is loaded...

CVSS 6.1 | AI score 5.7 | EPSS 0.00905
Exploits: 0 | References: 2 | Affected Software: 2

CNVD
added 2017/04/17 12:0 a.m. | 1 views

Cross-site scripting vulnerability in multiple IBM products (CNVD-2017-05680)

IBM is a global information technology and business solutions company. A cross-site scripting vulnerability exists in multiple IBM products because it fails to properly filter user-supplied input. An attacker could exploit the vulnerability to execute arbitrary script code in an unsuspecting user's...

CVSS 5.4 | AI score 6.5 | EPSS 0.00538
Exploits: 0 | References: 1

OSV
added 2017/04/13 5:59 p.m. | 4 views

CVE-2016-1155

HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies...

CVSS 9.8 | AI score 6.1 | EPSS 0.018
Exploits: 0 | References: 3

OSV
added 2017/04/12 3:59 p.m. | 1 views

CVE-2017-3125

An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker...

CVSS 6.1 | AI score 6 | EPSS 0.01106
Exploits: 0 | References: 2

CVE
added 2017/04/12 3:0 p.m. | 47 views

CVE-2017-3125

CVE-2017-3125 describes an unauthenticated Cross-Site Scripting (XSS) vulnerability in Fortinet FortiMail. Affected versions: FortiMail 5.0.0–5.2.9 and 5.3.0–5.3.8. An attacker can trick a logged-in user into clicking a crafted URL, enabling execution of arbitrary scripts in the user’s browser in...

CVSS 6.1 | AI score 6.3 | EPSS 0.01106
Exploits: 0 | References: 2 | Affected Software: 1

Japan Vulnerability Notes
added 2017/04/11 4:37 a.m. | 2 views

ASSETBASE vulnerable to cross-site scripting

Overview: ASSETBASE provided by UCHIDA YOKO CO., LTD. is an IT asset management tool. ASSETBASE contains a cross-site scripting vulnerability (CWE-79). Keitaro Yamazaki of Kyoto University reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

CVSS 6.1 | AI score 6 | EPSS 0.01174
Exploits: 0 | References: 5

CNVD
added 2017/04/07 12:0 a.m. | 2 views

Fortinet FortiMail Cross-Site Scripting Vulnerability (CNVD-2017-04565)

Fortinet FortiMail is a mail information security appliance from the U.S. company Fortinet, which provides a message filtering engine, anti-spam and threat defense. A cross-site scripting vulnerability exists in Fortinet FortiMail that stems from a failure to properly filter user-supplied...

CVSS 6.1 | AI score 6.4 | EPSS 0.01106
Exploits: 0 | References: 1

RedhatCVE
added 2017/04/06 3:18 p.m. | 24 views

CVE-2017-7463

JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...

CVSS 6.1 | AI score 6.1 | EPSS 0.01818
Exploits: 0 | References: 1

CNVD
added 2017/04/06 12:0 a.m. | 1 views

Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists i...

CVSS 5.4 | AI score 6.5 | EPSS 0.01177
Exploits: 0 | References: 1

CNVD
added 2017/03/31 12:0 a.m. | 1 views

CherryMusic Cross-Site Scripting Vulnerability

CherryMusic is a music streaming server based on CherryPy and jPlayer. A cross-site scripting vulnerability exists in CherryMusic, which can be exploited by an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of an affected site, due to the program...

CVSS 5.4 | AI score 6.8 | EPSS 0.00847
Exploits: 0 | References: 1

BDU FSTEC
added 2017/03/31 12:0 a.m. | 3 views

The vulnerability of the Internet Explorer browser, which allows a violator to obtain confidential information

The vulnerability of the VBS script execution mechanism in Internet Explorer is related to the lack of protection for service data. Exploiting this vulnerability allows a malicious actor, operating remotely, to obtain confidential information from the process’s memory through a specially crafted...

CVSS 4.3 | AI score 6.7 | EPSS 0.38918
Exploits: 0 | References: 3 | Affected Software: 1

CNVD
added 2017/03/30 12:0 a.m. | 3 views

Gazelle cross-site scripting vulnerability (CNVD-2017-05628)

Gazelle is a set of web frameworks for BitTorrent trackers. A cross-site scripting vulnerability exists in versions of Gazelle prior to 2017-03-19. A remote attacker can exploit the vulnerability to execute arbitrary HTML and script...

CVSS 6.1 | AI score 6.5 | EPSS 0.01073
Exploits: 0 | References: 1

CNVD
added 2017/03/27 12:0 a.m. | 1 views

Unspecified Cross-Site Scripting Vulnerability in Trend Micro ServerProtect for Linux

Trend Micro ServerProtect for Linux is an enterprise-grade anti-virus program that runs on Linux. An unspecified cross-site scripting vulnerability exists in Trend Micro ServerProtect for Linux, which is caused by a failure to validate user-submitted data. The vulnerability can be exploited to...

AI score 7
Exploits: 0 | References: 1