Magento CMS URL Handling Cross-Site Scripting Vulnerability
Magento CMS is an open source PHP e-commerce content management system (CMS) from the US company Magento. A cross-site scripting vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability by executing arbitrary...
Magento CMS Invitations Feature HTML Injection Vulnerability
Magento CMS is an open source PHP e-commerce content management system (CMS) from the US company Magento. An HTML injection vulnerability exists in Magento CMS due to failure to adequately filter user input data. An attacker could exploit this vulnerability to execute arbitrary script...
Magento CMS Flash File Upload Cross-Site Scripting Vulnerability
Magento CMS is an open source PHP e-commerce content management system (CMS) from the US company Magento. The system provides rights management, search engine, payment gateway and other functions. An upload cross-site scripting vulnerability exists in Magento CMS Flash files, which c...
IBM Jazz Foundation Cross-Site Scripting Vulnerability
IBM Rational Collaborative Lifecycle Management (CLM) and related products are from IBM Corporation in the U.S. IBM Rational CLM, Rational Team Concert (RTC) and Rational Engineering Lifecycle Manager (RELM) are collaborative lifecycle management solutions; Rational Requirements Composer (RRC) and Rational DOORS...
Juniper Junos J-Web Cross-Site Scripting Attack Vulnerability
Juniper Junos is a Juniper Networks network operating system designed for the company's hardware systems. The operating system provides a secure programming interface and the Junos SDK. A cross-site scripting attack vulnerability exists in Juniper Junos J-Web, which could be exploited by an...
Moxa ioLogik E1200 Arbitrary Code Execution Vulnerability
The Moxa ioLogik E1200 is an intelligent Ethernet I/O product from Moxa. A security vulnerability exists in the Moxa ioLogik E1200 that can be exploited by an attacker to execute arbitrary script code on the browser of an unsuspecting user in the context of an affected site...
Abus Security Center 'FTP' HTML Injection Vulnerability
Abuse is a popular video game. An HTML injection vulnerability exists in Abus Security Center due to the program failing to adequately clean up user input. An attacker could exploit the vulnerability to execute arbitrary script code in the context of an affected browser to steal a user's...
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
Overview: FlashAir by Toshiba Corporation is an SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...
Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-08632)
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A cross-site scripting vulnerability exists in Cybozu Office versions 9.0.0 through 10.4.0. The vulnerability can be exploited to execute arbitrary script in the web browser of a logged-in user...
Cybozu Office Cross-Site Scripting Vulnerability (CNVD-2016-08631)
Cybozu Office is a Web-based, cross-platform collaboration solution from Cybozu. A cross-site scripting vulnerability exists in the "Customapp" feature in Cybozu Office versions 9.0.0 through 10.4.0. The vulnerability can be exploited by an attacker to execute arbitrary script on the web browse...
"Schedule" function in Cybozu Office vulnerable to cross-site scripting
Overview: Cybozu Office provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Kusano Kazuhiko reported this vulnerability to Cybozu, Inc., and Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...
"Customapp" function in Cybozu Office vulnerable to cross-site scripting
Overview: Cybozu Office provided by Cybozu, Inc. contains a cross-site scripting vulnerability. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership. Impact ...
BaserCMS cross-site scripting vulnerability (CNVD-2016-08858)
baserCMS is an enterprise-level content management system (CMS). A cross-site scripting vulnerability exists in baserCMS 3.0.10 and prior versions, which stems from the program failing to adequately filter user-submitted input. The vulnerability allows an attacker to steal cookie-based authenticati...
BaserCMS cross-site scripting vulnerability (CNVD-2016-08857)
baserCMS is an enterprise-level content management system (CMS). A cross-site scripting vulnerability exists in baserCMS 3.0.10 and prior versions, which stems from the program failing to adequately filter user-submitted input. The vulnerability allows an attacker to steal cookie-based authenticati...
BaserCMS cross-site scripting vulnerability (CNVD-2016-08856)
baserCMS is an enterprise-level content management system (CMS). A cross-site scripting vulnerability exists in baserCMS 3.0.10 and prior versions, which stems from the program failing to adequately filter user-submitted input. The vulnerability allows an attacker to steal cookie-based authenticati...
ZOHO ManageEngine ServiceDesk Plus HTML Injection Vulnerability
ZOHO ManageEngine ServiceDesk is a web-based help desk and asset management software suite from the US company ZOHO (ZhuoHao). An HTML injection vulnerability exists in ManageEngine ServiceDesk Plus 9.2 and prior versions, which stems from the program's inability to adequately filte...
JVN#92765814: Multiple vulnerabilities in baserCMS
baserCMS, provided by baserCMS User Group, is an open source content management system. baserCMS and the bundled plugins "Blog", "Mail", "Feed", and "Uploader" contain the following vulnerabilities. Cross-site request forgery (CWE-352) - CVE-2016-4879, CVE-2016-4881, CVE-2016-4884, CVE-2016-4885,...
TYPO3 CMS Cross-Site Scripting Vulnerability (CNVD-2016-08351)
TYPO3 CMS is a free and open source content management system and framework (CMS/CMF) maintained by the Swiss TYPO3 Association. TYPO3 CMS suffers from a cross-site scripting vulnerability due to failure to properly filter user-supplied input. An attacker could be allowed to exploit the vulnerability t...
Drupal Core Cross-Site Scripting Vulnerability (CNVD-2016-08263)
Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in Drupal Core that allows an attacker to steal cookie-based authentication credentials, obtain sensitive information, and execute arbitrary script code in the context of the...
IBM Connections Cross-Site Scripting Vulnerability (CNVD-2016-08269)
IBM Connections is a suite of social software platforms from IBM in the United States. The platform provides advanced analytics and real-time data monitoring capabilities, and accelerates web collaboration within and outside the organization through IBM SmartCloud services. IBM Connections allows...