Drupal Search API Autocomplete Module Cross-Site Scripting Vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Search API Autocomplete is one of the modules used to add autocomplete functionality to search fields during searches and provide a list of suggestions. A cross-site scripting...

Trend Micro Deep Discovery Inspector Cross-Site Scripting Vulnerability

Trend Micro Deep Discovery Inspector is a set of protection products from Trend Micro that can detect and identify hard-to-find threats in real time and propose solutions. A cross-site scripting vulnerability exists in Trend Micro Deep Discovery Inspector, which arises from the program's failure ...

Adobe Flash Heap Use-After-Free In SurfaceFilterList::C​reateFromScriptAtom

Source: https://code.google.com/p/google-security-research/issues/detail?id=484&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=508072 VULNERABILITY DETAILS Copy Paste of Issue 480496 VERSION Chrome Version:...

Adobe Flash - Heap Use-After-Free in SurfaceFilterList::C​reateFromScriptAtom

Source: https://code.google.com/p/google-security-research/issues/detail?id=484&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=508072 VULNERABILITY DETAILS Copy Paste of Issue 480496 VERSION Chrome Version:...

Spree Commerce 'show.v1.rabl' File Inclusion Vulnerability

Spree also known as Spree Commerce is the United States Spree Commerce, Inc. based on Ruby on Rails open source e-commerce solutions. A file inclusion vulnerability exists in Spree Commerce. An attacker can exploit this vulnerability to obtain sensitive information and execute arbitrary scripts...

WordPress Plugin Eventbrite Tickets Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Eventbrite Tickets. The vulnerability stems from a failur...

WordPress Flickr Justified Gallery plugin 'fjgwpp.php' cross-site scripting vulnerability

WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports personal blog sites set up on servers with PHP and MySQL.Flickr Justified Gallery is one of the JQuery photo gallery plugin. A cross-site scripting vulnerability exist...

Git GitWeb HTML Injection Vulnerability

Git gitweb is a WEB-based management interface for git. An HTML injection vulnerability exists in Git GitWeb. Because the program fails to properly filter user-supplied input, an attacker could exploit the vulnerability to run executable HTML and script code in the context of an affected browser,...

Apple Mac OS X 'entity' Parameter Cross-Site Scripting Vulnerability

Apple Mac OS X is a commercial operating system. A cross-site scripting vulnerability exists in the Apple Mac OS X 'entity' parameter. Because the program fails to properly filter user-supplied input, an attacker could exploit the vulnerability to execute arbitrary script code in the browser of a...

Wordpress Ephox Plupload Cross-Site Scripting Vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed in PHP language, which supports setting up personal blog sites on PHP and MySQL servers.Ephox Plupload is a Web browser-based file upload module from Ephox, which supports displaying upload progress, automatic image...

Drupal OSF for Drupal Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. osf for Drupal is one of the middle-tier modules that allows customization tools and data display for internally structured data RDF and related vocabularies ontologies. A cross-site...

Snorby 'view.html.erb' HTML Injection Vulnerability

Snorby is a set of Ruby on Rails based on the Ruby language open source web application framework for network security monitoring web applications . Snorby suffers from an HTML injection vulnerability that could be exploited by an attacker to cause the browser to execute arbitrary HTML or script...

Joomla! Helpdesk Pro plugin cross-site scripting vulnerability

Joomla! is a well-known content management system in foreign countries. Joomla! is a software system developed using the PHP language coupled with a MySQL database, which can be implemented on a variety of different platforms such as Linux, Windows, MacOSX and so on. Helpdesk Pro plugin version...

Zenphoto has multiple unspecified vulnerabilities

ZenPhoto is a compact photo album software with RSS output, FTP upload method, Tag function, comment reply and other features. The following security vulnerabilities exist in versions of Zenphoto prior to 1.4.9, which can be exploited by attackers to take control of the application, access or...

phpLiteAdmin Cross-Site Scripting Vulnerability

phpLiteAdmin is a software developer Dane Iracleous developed a set of PHP implementation and Web-based open-source SQLite database management tool . A cross-site scripting vulnerability exists in phpLiteAdmin. When a user browses the affected website, his browser will execute arbitrary script co...

IPython JSON Error Response Cross-Site Scripting Vulnerability

IPython is an enhanced version of Python's native interactive shell. IPython suffers from cross-site scripting vulnerabilities that could be exploited by attackers to execute arbitrary script code in the context of an affected website in a browser without the user's knowledge. This could allow an...

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2015-04462)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects an organization internally and externally, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability exists in...

IBM WebSphere Portal Cross-Site Scripting Vulnerability (CNVD-2015-04461)

IBM WebSphere Portal is a suite of enterprise portal software from IBM. The software creates a platform that connects the internal and external parts of an organization, allowing employees, customers and suppliers to access internal data through the platform. A cross-site scripting vulnerability...

IBM Jazz Team Server Cross-Site Scripting Vulnerability

IBM Jazz Team Server is a suite of project management tools for use in IBM Rational Jazz Team Collaboration Platform from IBM in the United States. A cross-site scripting vulnerability exists in IBM Jazz Team Server that stems from the program's failure to adequately filter user-submitted input...

Cacti vulnerable to cross-site scripting

Overview Cacti is a web application that graphs stored data collected from network devices. Cacti contains a cross-site scripting vulnerability CWE-79 due to a flaw in processing parameters in settings.php. Daiki Fukumori of Cyber Defense Institute, Inc. and Masako Ohno reported this vulnerabilit...