6714 matches found
HOME SPOT CUBE vulnerable to cross-site scripting
Overview: HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains a cross-site scripting vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
jenkins: API tokens of other users available to admins (SECURITY-200)
Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user...
computercraft.info XSS vulnerability
Vulnerable URL: http://computercraft.info/wiki/thumb.php?f=xssposed%23%3Cbody%09onload=confirm%28String.fromCharCode%2888,83,83,80,79,83,69,68%29%29%3E
Details:
Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly...
markdown-it and NodeBB HTML Injection Vulnerabilities
markdown-it is a parser product. NodeBB is a forum system developed by the Design Create Play team and built using Node.js, a web application platform built on top of Google's V8 JavaScript engine. An HTML injection vulnerability exists in markdown-it versions prior to 4.1.0 and NodeBB versions...
Wordpress plugin iframe HTML injection vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language; it supports setting up a personal blog site on servers with PHP and MySQL. The iframe plugin is a pop-up layer plugin that allows external URLs to be loaded into an iframe page. Wordpress...
Cross-site Scripting Vulnerability in uCosminexus Portal Framework and Groupmax Collaboration
Overview: A cross-site scripting vulnerability was found in uCosminexus Portal Framework and Groupmax Collaboration. Impact: Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution: Please refer to the 'Vendor Information' section for the official...
Bugzilla cross-site scripting vulnerability (CNVD-2015-08476)
Bugzilla is an open-source defect tracking system developed by the Mozilla Foundation in the United States. It can manage the entire life cycle of software development defects, including submission (new), repair (resolve), closing (close) and so on. A cross-site scripting vulnerability exists in Bugzilla versions...
Drupal Block Class Module HTML Injection Vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Block Class is a module that lets administrators add CSS to any block through the block configuration interface. An HTML injection vulnerability exists in Drupal Block Class modul...
Multiple Cross-site Scripting Vulnerabilities in EUR
Overview: Multiple cross-site scripting vulnerabilities were found in EUR. Impact: Remote users can exploit these vulnerabilities to execute malicious scripts. Solution: Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...
Redmine Cross-Site Scripting Vulnerability
Redmine is a set of open source Web-based project management and defect tracking tools. A cross-site scripting vulnerability exists in Redmine. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch other attacks...
WordPress Auto ThickBox Plus Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Auto ThickBox Plus is one of the thumbnail plugins used to automate the implementation of ThickBox. A cross-site scripting...
Microsoft Internet Explorer Arbitrary Web Script Execution Vulnerability
Microsoft Internet Explorer is a popular web browser introduced by Microsoft and bundled with the Windows operating system. A security mechanism bypass vulnerability exists in Microsoft Internet Explorer 11 that could allow a remote attacker to execute arbitrary web scripts with privileges via a...
WL-330NUL vulnerable to cross-site scripting
Overview: WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
Microsoft Browser Elevation of Privilege Vulnerability
Microsoft Edge is a web browser developed by Microsoft USA and is the default browser that comes with the Windows 10 operating system. An elevation of privilege vulnerability exists in Microsoft Edge, which stems from the program not properly validating privileges under certain conditions. An attacker coul...
jsoup: XSS vulnerability related to incomplete tags at EOF
It was found that jsoup did not properly validate user-supplied HTML content; certain HTML snippets could get past the validator without being detected as unsafe. A remote attacker could use a specially crafted HTML snippet to execute arbitrary web script in the user's browser...
p++BBS vulnerable to cross-site scripting
Overview: p++BBS provided by Let's PHP! contains a stored cross-site scripting vulnerability (CWE-79). Koki Takahashi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may be executed on the...
OcProducts OcPortal 'FIELD_NAME' Parameter Cross-Site Scripting Vulnerability
OcProducts ocPortal is an open source PHP and MySQL based Content Management System (CMS) from OcProducts. A cross-site scripting vulnerability exists in OcProducts OcPortal. An attacker can exploit this vulnerability to execute arbitrary script code, steal cookie-based authentication and launch...
IBM Sterling B2B Integrator Cross-Site Scripting Vulnerability (CNVD-2015-07814)
IBM Sterling B2B Integrator is a suite of software from IBM USA that integrates essential B2B processes, transactions and relationships. A cross-site scripting vulnerability in IBM Sterling B2B Integrator version 5.2 can be exploited by an attacker to steal cookie-based authentication and execute...
Void vulnerable to cross-site scripting
Overview: Void is an open source content management system (CMS). Void contains a cross-site scripting vulnerability (CWE-79). Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA under Information Security Early Warning Partnership. Impact: An arbitrary script may be...
ArcSight Management Center and ArcSight Logger vulnerable to cross-site scripting
Overview: ArcSight Management Center and ArcSight Logger from Hewlett-Packard Development Company L.P. contain a stored cross-site scripting vulnerability (CWE-79). Mukai Akihito reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...