IBM Jazz Reporting Service Cross-Site Scripting Vulnerability (CNVD-2016-12641)

IBM Jazz Reporting Service is a solution for integrating data. An unspecified cross-site scripting attack vulnerability exists in IBM Jazz Reporting Service that stems from a failure to properly validate user input. An attacker could use this vulnerability to execute arbitrary scripts in an...

Apache ActiveMQ vulnerable to cross-site scripting

Overview Apache ActiveMQ provided by the Apache Software Foundation is a middleware that implements Java Message Service. Apache ActiveMQ contains a stored cross-site scripting vulnerability CWE-79. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

Unspecified Security Bypass Vulnerability in Drupal JavaScript Callback Handler

Drupal is the Drupal community maintained by a set of free , open source content management system developed in PHP language . JavaScript Callback Handler is an efficient Ajax Callback module . An unspecified security bypass vulnerability exists in the Drupal JavaScript Callback Handler module. A...

Path traversal

An issue was discovered in phpMyAdmin. By calling some scripts that are part of phpMyAdmin in an unexpected way, it is possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed. During an execution timeout in the expo...

jquery-ui: cross-site scripting in dialog closeText

It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...

WNC01WH vulnerable to stored cross-site scripting

Overview WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains a stored cross-site scripting vulnerability. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...

Reflective Cross-Site Scripting Vulnerability in Huawei eSpace IAD Products

Huawei eSpace IAD is an integrated access device for Voice over IP and Unified Communications solutions from Huawei, China. A reflective cross-site scripting vulnerability exists in the Huawei eSpace IAD product. An attacker can exploit the vulnerability to run a malicious script in a user's...

IBM iNotes and Domino Cross-Site Scripting Vulnerability (CNVD-2016-11819)

IBM iNotes and Domino are both products of IBM Corporation in the U.S. iNotes is a suite of Web-based e-mail software; Domino is a platform for hosting social business applications. A cross-site scripting vulnerability exists in IBM iNotes and Domino that stems from the program failing to properl...

BigTree CMS 'check-module-integrity.php' Cross-Site Scripting Vulnerability

BigTree CMS is an open source content management system. A cross-site scripting vulnerability exists in BigTree CMS 'check-module-integrity.php'. An attacker could exploit the vulnerability to execute arbitrary script code in a user's browser while browsing the affected site to steal cookie-based...

Multiple Cross-Site Scripting Vulnerabilities in DERAEMON-CMS

DERAEMON-CMS is a CMS specialized for web designers and coders. DERAEMON-CMS has multiple cross-site scripting vulnerabilities because it fails to properly filter user-supplied input. An attacker could exploit these vulnerabilities to execute arbitrary script code in the browser of an unsuspectin...

IBM Kenexa LMS on Cloud Cross-Site Scripting Vulnerability

IBM Kenexa LMS on Cloud is a full-featured, configurable, enterprise-grade, social Learning Management System LMS that integrates social networking, collaboration, and knowledge sharing capabilities. The software provides interactive elements that support users in evaluating learning content and...

Unspecified Cross-Site Scripting Vulnerability in IBM Kenexa LMS on Cloud

IBM Kenexa LMS on Cloud is a full-featured, configurable, enterprise-grade, social Learning Management System LMS that integrates social networking, collaboration, and knowledge sharing capabilities. The software provides interactive elements that support users in evaluating learning content and...

IBM Kenexa LMS on Cloud suffers from an unspecified cross-site scripting vulnerability (CNVD-2016-11290)

IBM Kenexa LMS on Cloud is a full-featured, configurable, enterprise-grade, social Learning Management System LMS with integrated social networking, collaboration, and knowledge sharing capabilities. IBM Kenexa LMS on Cloud suffers from an unspecified cross-site scripting vulnerability that stems...

Multiple HTML Injection Vulnerabilities in Foreman

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. Foreman has multiple HTML injection vulnerabilities due to the program failing to adequately validate...

Drupal Views Send Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. View sending enables you to send emails to multiple users from a single view. A cross-site scripting vulnerability exists in the Drupal Views Send module due to the program failing to...

Drupal D8 Editor File upload module cross-site scripting vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.File is one of the file handling modules. A cross-site scripting vulnerability exists in the Drupal D8 Editor File upload module that stems from a failure to properly validate user inpu...

IBM Resilient Cross-Site Scripting Vulnerability

IBM acquired Resilient Systems in order to enhance its security business and provide an automated response playbook to attacks. resilient's platform will be combined with IBM's QRadar Intelligence Platform and will be integrated with the Blue Giant's security portfolio. IBM Resilient suffers from...

CG-WLR300NX vulnerable to cross-site scripting

Overview CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

Palo Alto Networks PAN-OS Cross-Site Scripting Vulnerability (CNVD-2016-11098)

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. Palo Alto Networks PAN-OS suffers from a cross-site scripting vulnerability due to the program failing to properly filter user-supplied input. An attacker could exploit the...

Foreman HTML Injection Vulnerability (CNVD-2016-11092)

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. An HTML injection vulnerability exists in Foreman 1.1 and later versions, which stems from the program...