6714 matches found
CVE-2017-7248
A Cross-Site Scripting (XSS) vulnerability was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (type) passed to the 'Gazelle-master/sections/better/transcode.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the...
WordPress plugin "YOP Poll" vulnerable to cross-site scripting
Overview: The WordPress plugin "YOP Poll" contains a stored cross-site scripting (CWE-79) vulnerability. Sho Ueshima, Takashi Honda, Tsuyoshi Ogawa and Minaho Umehara of SIE Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
DEBIAN-CVE-2017-7203
A Cross-Site Scripting (XSS) vulnerability was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An attacker could execute arbitrary HTML and scrip...
Dashbuilder: Reflected XSS
JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Successful exploitation would allow execution of...
Mozilla Firefox/Thunderbird Memory Corruption Vulnerability (CNVD-2017-03835)
Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the U.S. Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A memory corruption vulnerability exists in Mozilla Firefox/Thunderbird. An attacker can exploit the vulnerability to execu...
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability (CNVD-2017-03606)
Cisco Unified Communications Manager (CUCM, Unified CM) is a call-processing component of a unified communications system from Cisco. The component provides a scalable, distributable and highly available enterprise IP telephony call processing solution. A cross-site scripting vulnerability exists i...
SAP Enterprise Portal 'styleservice' Cross-Site Scripting Vulnerability
SAP Enterprise Portal is an application integration platform from the German company SAP, which integrates enterprise business information, enterprise applications and services and presents them to the operator in an independent Web-based user interface. A cross-site scripting...
Lutim Cross-Site Scripting Vulnerability
Lutim means Let's Upload That Image and can be used to store images. Lutim suffers from a cross-site scripting vulnerability due to the program failing to adequately validate user-supplied input. When an unsuspecting user browses the affected site, an attacker could exploit this vulnerability to...
HP LoadRunner/Performance Center Heap Buffer Overflow Vulnerability
HP Intelligent Management Center (iMC) is a set of network intelligent management center solutions from Hewlett-Packard (HP). A remote heap buffer overflow vulnerability exists in HP LoadRunner/Performance Center, which originates from a failure to perform sufficient boundary checks before copying us...
Mozilla Firefox MFSA has multiple vulnerabilities (CNVD-2017-04172)
Mozilla Firefox is an open source web browser. Multiple vulnerabilities exist in Mozilla Firefox. An attacker could use this vulnerability to bypass security restrictions to perform unauthorized operations, obtain sensitive information, execute arbitrary script code in the affected application's...
CVE-2017-6906
SiberianCMS before 4.10.0 is vulnerable due to insufficient filtration of user-supplied data (log) passed to SiberianCMS-master/errors/500.php, allowing an attacker to execute arbitrary HTML/JavaScript in the context of the vulnerable website. This risk is documented with CVSS metrics (MEDIUM). N...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03615)
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...
WordPress Cross-Site Scripting Vulnerability (CNVD-2017-03618)
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary...
OneThird CMS vulnerable to cross-site scripting
Overview: OneThird CMS provided by SpiQe Software contains a cross-site scripting vulnerability (CWE-79) due to an issue in processing the inquiry form. Note that this vulnerability is different from JVN49408248. Satoshi Takagi of Cryptography Laboratory, Department of Information and Communication...
Multiple Unspecified Cross-Site Scripting Vulnerabilities in TYPO3 CMS
TYPO3 is a free and open source content management system maintained by the Swiss TYPO3 Association. TYPO3 CMS suffers from multiple unspecified cross-site scripting vulnerabilities that stem from the program failing to properly validate user-supplied input. This vulnerability can be exploited to...
WordPress AnyVar Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language. The REST API can transfer data in JSON format to access or control the content of the WordPress site. A cross-site scripting vulnerability exists in the WordPress AnyVar plugin. An attacker can use the vulnerability to execute arbitra...
melbourne.com XSS vulnerability
Vulnerable URL:...
CVE-2017-6397
An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability exists due to insufficient filtration of user-supplied data in multiple parameters passed to several -sub-menu.php pages. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable...
Design/Logic Flaw
An issue was discovered in HashOver 2.0. The vulnerability exists due to insufficient filtration of user-supplied data passed to the 'hashover/scripts/widget-output.php' URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website...
PT-2017-17037
Name of the Vulnerable Software and Affected Versions: WPO-Foundation WebPageTest version 3.0. Description: An issue exists due to insufficient filtration of user-supplied data passed to the "webpagetest-master/www/compare-cf.php" URL. This allows an attacker to execute arbitrary HTML and script cod...