
6714 matches found

Japan Vulnerability Notes
added 2016/05/19 4:37 a.m. | 2 views

Web Mailing List vulnerable to cross-site scripting

Overview Web Mailing List provided by Epoch Ltd. contains a cross-site scripting vulnerability CWE-79. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1 CVSS | 6 AI score | 0.01417 EPSS
Exploits: 0 | References: 5
CNVD
added 2016/05/19 12:0 a.m. | 2 views

ferretCMS cross-site scripting vulnerability (CNVD-2016-03510)

FerretCMS is a content management system. A cross-site scripting vulnerability exists in FerretCMS due to a failure to validate user input effectively. An attacker is able to execute malicious script code on the affected site...

6.6 AI score
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2016/05/16 5:48 a.m. | 2 views

a-blog cms vulnerable to cross-site scripting

Overview a-blog cms provided by appleple Inc. is a content management system CMS. a-blog cms contains a cross-site scripting vulnerability in the standard template of the comment functionality. Yuya Yoshida of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC...

6.1 CVSS | 6 AI score | 0.01195 EPSS
Exploits: 0 | References: 5
OSV
added 2016/05/14 9:59 p.m. | 1 views

CVE-2016-1667

The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...

8.8 CVSS | 7.4 AI score | 0.02088 EPSS
Exploits: 1 | References: 12
Cvelist
added 2016/05/14 9:0 p.m. | 29 views

CVE-2016-1667

The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...

8.2 AI score | 0.02088 EPSS
Exploits: 1 | References: 12
Japan Vulnerability Notes
added 2016/05/12 5:34 a.m. | 3 views

WN-G300R Series vulnerable to cross-site scripting

Overview WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability CWE-79. Satoshi Ogawa of Mitsui Bussan Secure...

5.4 CVSS | 6.1 AI score | 0.00802 EPSS
Exploits: 0 | References: 5
Japan Vulnerability Notes
added 2016/04/26 5:18 a.m. | 3 views

Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting

Overview EC-CUBE plugin "categoryfreearea additionplugin" and "itemdetailfreearea additionplugin" provided by shiro8 Co., Ltd. contain a cross-site scripting vulnerability CWE-79. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

6.1 CVSS | 6 AI score | 0.0102 EPSS
Exploits: 0 | References: 5
CNVD
added 2016/04/14 12:0 a.m. | 3 views

Microsoft Edge Elevation of Privilege Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from an elevation of privilege vulnerability in its implementation due to the program failing to properly validate JavaScript. A remote attacker could exploit this vulnerability to run scripts with elevated...

6.5 CVSS | 6.9 AI score | 0.6877 EPSS
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2016/04/06 6:29 a.m. | 2 views

baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting

Overview baserCMS plugin "Recruit Plugin" contains a cross-site scripting vulnerability. CWE-79 Takaesu Isao of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

6.1 CVSS | 6.1 AI score | 0.01009 EPSS
Exploits: 0 | References: 5
OpenVAS
added 2016/04/06 12:0 a.m. | 12 views

Disc Organization System (DORG) Multiple Vulnerabilities

Disc Organization System DORG is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dorg:dorg";...

7.3 AI score
Exploits: 0 | References: 2
RedHat Linux
added 2016/03/22 4:49 p.m. | 1 views

jenkins: API tokens of other users available to admins (SECURITY-200)

Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...

6.5 CVSS | 7.4 AI score | 0.01491 EPSS
Exploits: 0 | References: 5
CNVD
added 2016/03/10 12:0 a.m. | 3 views

Cisco Adaptive Security Appliance WebVPN Portal Cross-Site Scripting Vulnerability

Cisco Adaptive Security Appliances ASA, Adaptive Security Appliances Software is a set of firewall appliances from Cisco USA. The device also includes IPS Intrusion Prevention System, SSL VPN, IPSec VPN, anti-spam and other features. A cross-site scripting vulnerability exists in the Cisco Adapti...

6.7 AI score
Exploits: 0 | References: 1
CNVD
added 2016/03/10 12:0 a.m. | 1 views

SAP 3D Visual Enterprise Viewer Memory Error References Remote Code Execution Vulnerability

SAP 3D Visual Enterprise Viewer VEV is a suite of software from SAP for viewing, zooming, panning and rotating interactive 3D data and playing step-by-step animations. A security vulnerability exists in SAP 3D Visual Enterprise Viewer. The vulnerability could be exploited by an attacker to execut...

7.4 AI score
Exploits: 0 | References: 1
CNVD
added 2016/02/27 12:0 a.m. | 3 views

QNAP Systems Signage Station Script Execution Vulnerability

QNAP Systems Signage Station is a suite of ad creation applications for QNAP NAS. A security vulnerability in QNAP Systems Signage Station allows a remote attacker to upload malicious files using predictable URLs and execute scripts in the files with administrator privileges...

9 CVSS | 7.2 AI score | 0.03096 EPSS
Exploits: 0 | References: 1
CNVD
added 2016/02/26 12:0 a.m. | 1 views

FerretCMS 'admin.php' Cross-Site Scripting Vulnerability

FerretCMS is a content management system CMS based on PHP and MySQL. The system provides features such as page management, template management and user management. A cross-site scripting vulnerability exists in FerretCMS, which stems from the program's failure to adequately filter user-submitted...

6.7 AI score
Exploits: 0 | References: 1
CNVD
added 2016/02/22 12:0 a.m. | 2 views

Enhancesoft osTicket Arbitrary File Upload Vulnerability

Enhancesoft osTicket is a free and lightweight PHP-based question return system from Enhancesoft, USA. The system supports e-mail queries and more. An arbitrary file upload vulnerability exists in Enhancesoft osTicket. An attacker can exploit the vulnerability to upload and execute arbitrary...

7.5 AI score
Exploits: 0 | References: 1
OpenVAS
added 2016/02/16 12:0 a.m. | 15 views

IBM WebSphere Application Server XSS Vulnerability (swg21974520)

IBM WebSphere Application Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

5.4 CVSS | 5.6 AI score | 0.01141 EPSS
Exploits: 0 | References: 2
Japan Vulnerability Notes
added 2016/02/15 12:56 a.m. | 2 views

Microsoft Producer for Microsoft Office PowerPoint vulnerable to cross-site scripting

Overview Microsoft Producer for Microsoft Office PowerPoint may create a web page which contains a DOM-based cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use Microsoft Producer for Microsoft Office PowerPoint...

4.7 CVSS | 6.2 AI score
Exploits: 0 | References: 3
Veeam
added 2016/02/15 12:0 a.m. | 18 views

Script execution on Linux target fails with “Permission Denied” even when executed as root.

Challenge When interacting with Linux servers, Veeam Backup & Replication may encounter a "Permission Denied" error during script execution Pre-freeze, post-thaw, and repository data mover agent scripts, even when the account being used is the root user. Cause All script files are uploaded to and...

7.3 AI score
Exploits: 0
Japan Vulnerability Notes
added 2016/01/29 4:50 a.m. | 1 views

Vine MV vulnerable to cross-site scripting

Overview Vine MV contains a cross-site scripting vulnerability CWE-79. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on the user's web browser. Solution Updat...

6.1 CVSS | 6 AI score | 0.01417 EPSS
Exploits: 0 | References: 5