6714 matches found

CNVD
added 2017/03/02 12:0 a.m. | 2 views

FlightAirMap Multiple Cross-Site Scripting Vulnerabilities

FlightAirMap is an open source project that displays flights in real time on a 2D or 3D map. FlightAirMap suffers from multiple cross-site scripting vulnerabilities. The vulnerabilities arise due to a failure to properly validate user-submitted data. An attacker could use the vulnerabilities to...

6.1 CVSS | 7 AI score | 0.00838 EPSS
Exploits: 1 | References: 1

CNVD
added 2017/03/02 12:0 a.m. | 3 views

WPO-Foundation WebPageTest Cross-Site Scripting Vulnerability

WebPagetest is a Web application that takes a URL and a set of configuration parameters as input and runs a performance test on that URL. A cross-site scripting vulnerability exists in WPO-Foundation WebPageTest, which occurs due to a failure to properly validate user-submitted data. The...

6.1 CVSS | 6.3 AI score | 0.00824 EPSS
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/02/28 12:0 a.m. | 52 views

JVN#73083905: Multiple vulnerabilities in WBCE CMS

WBCE CMS, provided by WBCE Team, is an open-source Content Management System (CMS). WBCE CMS contains multiple vulnerabilities listed below. Cross-site scripting (CWE-79) - CVE-2017-2118 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N| Base Score: 6.1 CVSS v2|...

8.6 CVSS | 7.1 AI score | 0.0351 EPSS
Exploits: 0

CNVD
added 2017/02/24 12:0 a.m. | 3 views

TCPDF Local File Inclusion Vulnerability

TCPDF is an open source PHP class for generating PDF documents. A local file inclusion vulnerability exists in versions of TCPDF prior to 6.2.0, which stems from the program failing to adequately filter user-submitted input. An attacker could exploit this vulnerability to obtain sensitive...

7.5 CVSS | 7 AI score | 0.0146 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/02/24 12:0 a.m. | 4 views

Palo Alto Networks PAN-OS HTML Injection Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from an HTML injection vulnerability that stems from a failure to adequately validate user input. An attacker could use this vulnerability to execu...

5.4 CVSS | 8 AI score | 0.00836 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/02/17 12:0 a.m. | 0 views

Multiple Cross-Site Scripting Vulnerabilities in PhreeBooksERP

PhreeBooksERP is an open source ERP system for accounting use. PhreeBooksERP suffers from multiple cross-site scripting vulnerabilities due to failure to adequately validate user input. An attacker could exploit this vulnerability to execute arbitrary script code on a user's browser on an affecte...

6.1 CVSS | 7.1 AI score | 0.01016 EPSS
Exploits: 1 | References: 1

CNVD
added 2017/02/17 12:0 a.m. | 3 views

Cisco Firepower Management Center Cross-Site Scripting Vulnerability (CNVD-2017-01995)

Cisco Firepower Management Center is a new generation of firewall management center software from the U.S. company Cisco. A cross-site scripting vulnerability exists in Cisco Firepower Management Center, as the program fails to adequately validate user input. An attacker could exploit this...

5.4 CVSS | 6.6 AI score | 0.00615 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/02/14 12:0 a.m. | 1 view

Fastspot BigTree bigtree-form-builder input validation vulnerability

Fastspot BigTree is an open source content management system (CMS) based on PHP and MySQL, from the U.S. company Fastspot. bigtree-form-builder is used by administrators to build forms that collect front-end user input. Fastspot BigTree bigtree-form-builder A security...

6.1 CVSS | 6.5 AI score | 0.00774 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/02/14 12:0 a.m. | 1 view

WordPress WP Mail plugin cross-site scripting vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Software Foundation. wpmail is the function used to send mail. A cross-site scripting vulnerability exists in the WordPress WP Mail plugin due to the program failing to adequately validate user input. An...

6.1 CVSS | 6.8 AI score | 0.00957 EPSS
Exploits: 1 | References: 1

CNVD
added 2017/02/13 12:0 a.m. | 2 views

TYPO3 Arbitrary Code Execution Vulnerability (CNVD-2017-01648)

TYPO3 is a free and open source content management system framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. contextswurfl is one of the extensions for detecting mobile devices and adjusting TYPO3 output. A security vulnerability exists in versions of the TYPO3 contextswurfl...

6.1 CVSS | 7.3 AI score | 0.00761 EPSS
Exploits: 0 | References: 1

Japan Vulnerability Notes
added 2017/02/09 5:6 a.m. | 2 views

Multiple cross-site scripting vulnerabilities in Webmin

Overview: Webmin contains multiple cross-site scripting vulnerabilities (CWE-79) due to issues in outputting error messages into an HTML page and the function to edit the database. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...

6.1 CVSS | 6.2 AI score | 0.01739 EPSS
Exploits: 0 | References: 6

NVD
added 2017/02/08 10:59 p.m. | 16 views

CVE-2016-0305

IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the U...

5.4 CVSS | 5.5 AI score | 0.00658 EPSS
Exploits: 0 | References: 2

CNVD
added 2017/02/08 12:0 a.m. | 1 view

IBM InfoSphere BigInsights Cross-Site Scripting Vulnerability (CNVD-2017-01312)

IBM InfoSphere BigInsights is a set of software platforms for storing and analyzing Big Data from IBM in the United States. The platform provides solutions for managing and analyzing massive amounts of structured and unstructured data. A cross-site scripting vulnerability exists in IBM Infosphere...

5.4 CVSS | 6.3 AI score | 0.00705 EPSS
Exploits: 0 | References: 1

CNVD
added 2017/02/07 12:0 a.m. | 1 view

Drupal Better Exposed Filters Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. A cross-site scripting vulnerability exists in the Drupal Better Exposed Filters module. An attacker can exploit this issue to execute arbitrary script code in an...

6.9 AI score
Exploits: 0 | References: 1

CNVD
added 2017/02/06 12:0 a.m. | 2 views

Cross-Site Scripting Vulnerability in Multiple TIBCO Products

TIBCO Spotfire Automation Services are products of TIBCO Software, Inc. Spotfire Automation Services is a suite of tools for running automated analyses; Spotfire Professional is a comprehensive analytics platform for all aspects of business analysts and users. Spotfire Professional is a...

5.4 CVSS | 6.7 AI score | 0.00608 EPSS
Exploits: 0 | References: 1

Veracode
added 2017/02/02 4:46 a.m. | 22 views

Bypassing Device-Resource Restrictions

Cordova is vulnerable to the bypass of intended device-resource restrictions. Leveraging an event-based bridge, a library clone, and an IFRAME script execution, a remote attacker is able to directly access bridge JavaScript objects as demonstrated by certain cordova.require calls...

7.5 CVSS | 6.1 AI score | 0.1159 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Prion
added 2017/02/01 10:59 p.m. | 13 views

Cross site scripting

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

3.5 CVSS | 7.1 AI score | 0.00705 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2017/02/01 10:59 p.m. | 3 views

CVE-2016-0218

IBM Cognos Business Intelligence and IBM Cognos Analytics are vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security...

5.4 CVSS | 5.6 AI score | 0.00705 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/02/01 10:0 p.m. | 11 views

CVE-2016-2924

IBM Infosphere BigInsights is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

5.6 AI score | 0.00705 EPSS
Exploits: 0 | References: 2

NVD
added 2017/02/01 8:59 p.m. | 10 views

CVE-2016-0265

IBM Campaign is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL ...

5.4 CVSS | 5.5 AI score | 0.00705 EPSS
Exploits: 0 | References: 2