6714 matches found
IBM Business Process Manager Cross-Site Scripting Vulnerability (CNVD-2015-04371)
IBM Business Process Manager (BPM) is a comprehensive business process management platform from IBM in the United States. The platform provides a range of tools for business process modeling, assembly, monitoring and deployment. A cross-site scripting vulnerability exists in IBM B...
Chamilo LMS HTML Injection Vulnerability
Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. Chamilo LMS suffers from an HTML injection vulnerability that stems fr...
Chamilo LMS Cross-Site Request Forgery Vulnerability
Chamilo LMS is an open source online learning and collaboration system developed by the Chamilo Association. The system supports the creation of instructional content, distance training and online question and answer sessions. Chamilo LMS suffers from cross-site request forgery vulnerabilities th...
WordPress Ultimate Member 'class.p.php' plugin cross-site scripting vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Ultimate Member 'class.p.php' plugin due to the program failing to adequately filter user-supplied inpu...
WordPress Salem Theme Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress Salem Theme suffers from a cross-site scripting vulnerability due to the program failing to adequately filter user-supplied input. An attacker is allowed ...
Multiple Cross-Site Scripting Vulnerabilities in Multiple WordPress Plugins
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in several WordPress plugins due to the program failing to adequately filter user-supplied input. An attacker is...
Drupal Shibboleth authentication module cross-site scripting vulnerability
Drupal is a free and open source content management system developed in PHP and maintained by the Drupal community. Shibboleth Authentication is one of its modules, used for user login and access authentication. A cross-site scripting vulnerability exists in the Drupal Shibboleth authentication...
WordPress Broken Link Checker Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress Broken Link Checker plugin. The vulnerability allows attackers to steal cookie-based authentication...
Ruby On Rails Paperclip Cross-Site Scripting Vulnerability
Ruby on Rails (Rails) is an open source web application framework based on the Ruby language, developed and maintained by the Rails core team. Paperclip is an image upload plugin for Rails. Ruby On Rails Paperclip has a cross-site scripting vulnerability. This vulnerability allows an attacker to...
CVE-2015-5371
The AuthenticationFilter class in SolarWinds Storage Manager allows remote attackers to upload and execute arbitrary scripts via unspecified vectors...
Apple Safari PDF Arbitrary Script Execution Vulnerability
Apple Safari is a popular web browser. A security vulnerability exists in Apple Safari that allows an attacker to construct a malicious URI containing an embedded PDF page and induce a user to visit it, executing arbitrary script code in the context of the target user...
Nakid CMS HTML Injection Vulnerability
Nakid CMS is an open source content management system (CMS) based on PHP and CodeIgniter. Nakid CMS suffers from an HTML injection vulnerability that could be exploited to allow an attacker to execute supplied HTML and script code in the context of an affected browser, which could allow an attacker...
Cisco IOS TCL Interpreter Privilege Elevation Vulnerability
Cisco IOS is an operating system developed by Cisco for its network devices. A security vulnerability exists in the Cisco IOS TCL interpreter due to the program failing to properly maintain the 'vty' state. A local attacker could exploit the vulnerability to gain privileges by opening a...
wpa_supplicant security and enhancement update
1:2.0-17 - AP WMM: Fix integer underflow in WMM Action frame parser rh 1221178 rh 1222015
1:2.0-16 - P2P: Validate SSID element length before copying it CVE-2015-1863
1:2.0-15 - Add domainmatch config option from upstream rh 1178263 - Include peer certificate in EAP events for use by clients...
Multiple Cross-Site Scripting Vulnerabilities in Ektron CMS
Ektron CMS is a content management system. Multiple cross-site scripting vulnerabilities exist in Ektron CMS due to the program failing to adequately filter user-submitted input. The vulnerabilities could be exploited to allow an attacker to steal cookie-based authentication credentials and execu...
Cisco Unified MeetingPlace Cross-Site Scripting Vulnerability (CNVD-2015-03644)
Cisco Unified MeetingPlace is a set of multimedia conferencing solutions from Cisco in the United States. The solution provides a user environment that integrates voice, video and Web conferencing. A cross-site scripting vulnerability exists in Cisco Unified MeetingPlace due to the program...
NetFlow Analyzer vulnerable to cross-site scripting
Overview: NetFlow Analyzer provided by Zoho Corporation contains a cross-site scripting vulnerability. Tomoshige Hasegawa, Akihito Mukai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An arbitrary script may...
Multiple HTML Injection Vulnerabilities in Dolibarr
Dolibarr is a web-based open source ERP and CRM system. Dolibarr suffers from multiple HTML injection vulnerabilities due to the program failing to adequately filter user-submitted input. The vulnerabilities could be exploited to allow an attacker to execute arbitrary script code in the context ...
ZenPhoto20 vulnerable to cross-site scripting
Overview: ZenPhoto20 is a content management system (CMS). ZenPhoto20 contains a cross-site scripting vulnerability (CWE-79) due to a flaw in processing encoded user-supplied input. Gen Sato of TRADE WORKS Co.,Ltd. Security Dept. reported this vulnerability to IPA. JPCERT/CC coordinated with the...
Apache Sling API and Servlets Post components vulnerable to cross-site scripting
Overview: Apache Sling is an open source web application framework provided by The Apache Software Foundation. Sling API and Servlet Post components included in Apache Sling contain a cross-site scripting vulnerability (CWE-79) in the error page and the generation of the job completion. MORI Shingo...