Multiple Cross-Site Scripting Vulnerabilities in Wowza Streaming Engine

Wowza Streaming Engine is powerful media server software that provides reliable and smooth high quality video and audio delivery to any device. Wowza Streaming Engine suffers from multiple cross-site scripting vulnerabilities by entering several parameters script before unverified. An attacker ca...

TYPO3 Formhandler Extension Cross-Site Scripting Vulnerability

TYPO3 is a Swiss TYPO3 Association maintains a free and open source content management system framework CMS/CMF. formhandler is one of the Web development form Form module extension plug-in . A cross-site scripting vulnerability exists in versions 2.3.1 and 2.0.2 of the TYPO3 Formhandler extensio...

Drupal Outline Designer Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Outline Designer is one of the user experience modules for library management. A cross-site scripting vulnerability exists in Drupal Outline Designer versions 7.x-2.x prior to 7.x-2.3,...

HTML Injection Vulnerability in Multiple Pivotal Products

Pivotal Cloud Foundry is an open source Platform-as-a-Service PaaS cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment.Pivotal Elastic Runtime is one of Pivotal Cloud Foundry's runtime environments. UAA User...

CloudBees Jenkins has multiple vulnerabilities

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . HTML...

CloudBees Jenkins has multiple vulnerabilities (CNVD-2016-04833)

CloudBees Jenkins formerly known as Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools , it is mainly used to monitor the continuous software version of the release/testing project and some of the timed execution of the task . HTML...

The vulnerability of Microsoft SharePoint’s electronic document management system, which allows a malicious individual to increase their privileges

The Microsoft SharePoint electronic document management program contains a vulnerability related to the improper filtering of specially crafted requests sent to the server. Exploiting this vulnerability allows a malicious user, after authenticating, to elevate their privileges by sending a...

Vulnerability of Microsoft Lync Server software, allowing a remote attacker to compromise protected information

A cross-site scripting implementation that allows access to confidential information exists in Lync Server. This implementation is related to the improper processing browsing of specially crafted content. If it operates successfully, a malicious individual can execute scripts in the user’s browse...

PT-2016-5990 · Bosch Rexroth · Bladecontrol-Webvis

Name of the Vulnerable Software and Affected Versions: Rexroth Bosch BLADEcontrol-WebVIS versions 3.0.2 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors, potentially leading to...

The vulnerability of Google Chrome browser allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information.

The use of this functionality after release in core/dom/ContainerNode.cpp, within the implementation of the object model for documents in Blink for Google Chrome, allows malicious actors who operate remotely to trigger service failures or exert other effects on the system by executing a script...

OpenDocMan has multiple vulnerabilities

OpenDocMan is OpenDocMan project team developed an open source Web-based PHP document management system DMS. HTML injection and cross-site scripting vulnerabilities exist in OpenDocMan, which can be exploited by attackers to execute arbitrary script code, steal cookie-based authentication or...

Multiple cross-site scripting vulnerabilities in phpMyAdmin (CNVD-2016-04309)

phpmyadmin is an online management tool for MySQL databases. A cross-site scripting vulnerability exists in phpmyadmin versions 4.4.x and 4.6.x in the user permissions page and the user group function, which can be exploited by an attacker to execute arbitrary scripts across sites...

Trend Micro Internet Security Arbitrary Script Execution Vulnerability

Trend Micro Internet Security is a set of Trend Micro Trend Micro integrated with personal firewall, anti-virus, anti-spam and other features in one network security software. A security vulnerability exists in versions 8 and 10 of Trend Micro Internet Security, which can be exploited by attacker...

ZeewaysCMS Multiple Vulnerabilities

ZeewaysCMS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zeewayscms:zeeway"; ifdescriptio...

Trend Micro enterprise products HTTP header injection vulnerability

Overview Multiple enterprise products provided by Trend Micro Incorporated contain a HTTP header injection vulnerability. According to the developer, exploiting the vulnerability requires access to the LAN environment of the user. Trend Micro Incorporated reported this vulnerability to JPCERT/CC ...

Trend Micro Internet Security vulnerable to arbitrary script execution

Overview Trend Micro Internet Security provided by Trend Micro Incorporated contains a vulnerability that may allow arbitrary script execution. According to the developer, attempts to exploit the vulnerability will not succeed from external networks when the default settings are used. Trend Micro...

JVN#48789425: Trend Micro Internet Security multiple vulnerabilities

Trend Micro Internet Security provided by Trend Micro Incorporated contains the following vulnerabilities. Access Restriction Flaw - CVE-2016-1225 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N| Base Score: 5.3 CVSS v2| AV:N/AC:L/Au:N/C:P/I:N/A:N| Base...

Cybozu Garoon vulnerable to cross-site scripting

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN37121456. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated...

WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting

Overview The WordPress plugin "Markdown on Save Improved" contains a stored cross-site scripting CWE-79 vulnerability. Kenta Yamamoto of Cryptography Laboratory,Department of Information and Communication Engineering, Graduate School of Tokyo Denki University reported this vulnerability to IPA...

HumHub vulnerable to cross-site scripting

Overview HumHub is a software framework for developing a social networking service SNS. HumHub contains a cross-site scripting vulnerability. Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Ear...