Hulihan Applications Onyx Cross-Site Scripting Vulnerability

Hulihan Applications Onyx is a U.S. Hulihan Applications company based on Ruby on Rails a set of open source Web application framework based on the Ruby language of the open source image library , which provides customized themes , image uploads and image effects and other features . A cross-site...

SUSE-SU-2015:0593-1 Security update for Mozilla Firefox

MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-tim...

Drupal Trick Question module cross-site scripting vulnerability

Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community.Trick Question is one of the CAPTCHA type spam defense modules. A cross-site scripting vulnerability exists in the Drupal Trick Question module. The vulnerability is due to the program...

BEdita CMS has multiple vulnerabilities

BEdita CMS is a web development framework that provides a full-featured content management system CMS. A cross-site scripting vulnerability and a cross-site request forgery vulnerability exist in BEdita CMS. When a user browses the affected website, his/her browser will execute arbitrary script...

Microsoft Internet Explorer Elevation of Privilege (MS15-018: CVE-2015-1627)

An elevation of privilege vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer validates permissions under specific conditions, potentially allowing script to be run with elevated privileges...

Multiple Cross-Site Scripting Vulnerabilities in PHP Address Book

PHP Address Book is a simple Web-based address book , contact management application developed in PHP . PHP Address Book suffers from multiple cross-site scripting vulnerabilities that could be exploited by an attacker to execute arbitrary web script or HTML in the context of an affected site...

Loxone Smart Home HTML Injection Vulnerability

Loxone Smart Home is a WEB-based application. Loxone Smart Home suffers from an HTML injection vulnerability that could be exploited by an attacker to execute arbitrary HTML script and code in the context of the affected application...

Maroyaka Image Album vulnerable to cross-site scripting

Overview Maroyaka Image Album provided by Maroyaka CGI is a CGI script for placing image files within a website. Maroyaka Image Album contains a cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...

Maroyaka Simple Board vulnerable to cross-site scripting

Overview Maroyaka Simple Board provided by Maroyaka CGI is a CGI script for posting text into a website. Maroyaka Simple Board contains a persistent cross-site scripting vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Securi...

Multiple Cross-Site Scripting Vulnerabilities in Cisco Security Manager

Cisco Security Manager centralizes the task of configuring policies and controls for Cisco security deployments, enabling efficient management of enterprise-level security. Cisco Security Manager has multiple cross-site scripting vulnerabilities due to the program failing to properly filter...

Drupal inLinks Integration Module Cross-Site Scripting Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. inLinks Integration is one of the modules that sells goods through backlinks. A cross-site scripting vulnerability exists in the Drupal inLinks Integration module due to the program's...

Drupal Entity API Module Field Label Cross-Site Scripting Vulnerability

Drupal is an open source content management platform. A cross-site scripting vulnerability exists in the Drupal Entity API module field labels due to the program failing to properly filter user-supplied input. An attacker could be allowed to exploit this vulnerability to steal cookie-based...

Cross-site Scripting Vulnerability in JP1/IT Desktop Management - Manager and Hitachi IT Operations Director

Overview A cross-site scripting vulnerability was found in the online help of JP1/IT Desktop Management - Manager and Hitachi IT Operations Director. Impact Remote users can exploit a cross-site scripting vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information...

Multiple Cross-Site Scripting Vulnerabilities in SAP HANA

SAP HANA is a high-performance real-time data analytics platform from SAP. The platform provides data query functions, users can directly query and analyze a large amount of real-time business data. SAP HANA has multiple cross-site scripting vulnerabilities that can be exploited by an attacker to...

Multiple HTML Injection Vulnerabilities in MyBB

MyBB is a popular forum program. MyBB suffers from multiple HTML injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can execute the provided HTML and script code in the context of the affected site...

Live off the mobile phone client xss comfortably into the background-bug warning-the black bar safety net

Brief description: Live off the mobile phone client sidexsscomfortably, you can log in the background Detailed description: 0x00 keywords code area Live off to find room Android App, user feedback, comfortably, the storage-typexss, the'" 0x02 process User feedback directly inserted into the !...

Saurus CMS Community Edition vulnerable to cross-site scripting

Overview Saurus CMS Community Edition is open source software to manage and build websites. Saurus CMS Community Edition contains multiple cross-site scripting vulnerabilities. Yuji Tounai of NTT Com Security reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under...

Cross-site Scripting Vulnerability in Hitachi Application Server Help

Overview Hitachi Application Server Help contains a cross-site scripting vulnerability. Impact A remote attacker can exploit this vulnerability to execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action...

Multiple Cross-Site Scripting Vulnerabilities in Drupal Taxonomy Tools Module

Drupal is written using the PHP language open source content management framework , which consists of a content management system and PHP development framework together . Multiple cross-site scripting vulnerabilities exist in the Drupal Taxonomy Tools module due to the program failing to properly...

Cisco Prime Security Manager Cross-Site Scripting Vulnerability (CNVD-2015-01125)

Cisco Prime Security Manager is a tool for centralized management of the Cisco ASA 5500-X Series firewalls. A cross-site scripting vulnerability exists in Cisco Prime Security Manager due to the program failing to properly filter user-supplied input. An attacker could exploit this vulnerability t...