Multiple HTML Injection Vulnerabilities in BEdita CMS 'index.php'

BEdita is a web development framework that provides a full-featured content management system. Multiple HTML injection vulnerabilities exist in BEdita CMS 'index.php' because it fails to properly filter user-supplied input. An attacker can execute the provided HTML and script code in the context ...

e107 '/e107_admin/filemanager.php' cross-site scripting vulnerability

E107 is an open source, free and based on PHP and MySQL content management system CMS of the United States E107 company. The system supports a variety of plug-in programs and appearance of the theme , can be used as a personal blog , discussion community , archive repository and so on. A cross-si...

Drupal Field Display Label Module Cross-Site Scripting Vulnerability

Drupal is a free and open source content management system developed in PHP. A cross-site scripting vulnerability exists in the Drupal Field Display Label module because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...

Multiple Cross-Site Scripting Vulnerabilities in Zurmo CRM

Zurmo CRM is the United States Zurmo company's set of open source PHP-based customer relationship management system CRM. Multiple cross-site scripting vulnerabilities exist in Zurmo CRM because it fails to properly filter user-supplied input. An attacker could potentially exploit these...

Kajona 'admin.php' Cross-Site Scripting Vulnerability

Kajona is a set of Kajona team based on PHP and MySql open source content management framework. A cross-site scripting vulnerability exists in Kajona 'admin.php' because it fails to properly filter user-supplied input. An attacker may be able to exploit this vulnerability to execute arbitrary...

Multiple HTML Injection Vulnerabilities in AdaptCMS

AdaptCMS is a content management system. AdaptCMS has multiple HTML injection vulnerabilities because it fails to properly filter user-supplied input. An attacker can execute supplied HTML and script code in the context of the affected site...

FlexPaper 'FlexPaperViewer.swf' 'Content Spoofing Vulnerability

FlexPaper is an open source lightweight in the browser to display a variety of documents on the component . A content spoofing vulnerability exists in FlexPaper 'FlexPaperViewer.swf' due to the program failing to properly filter user-supplied input. An attacker can exploit this vulnerability to...

FlexPaper 'FlexPaperViewer.swf' Cross-Site Scripting Vulnerability

FlexPaper is an open source lightweight in the browser to display a variety of documents on the component . A cross-site scripting vulnerability exists in FlexPaper 'FlexPaperViewer.swf' due to the program failing to properly filter user-supplied input. An attacker can exploit this vulnerability ...

Serendipity HTML Injection Vulnerability

Serendipity is a PHP-powered Weblog application. Serendipity suffers from an HTML injection vulnerability because it fails to filter user-supplied input. Allowing an attacker to run supplied HTML or JavaScript code in the context of the affected site...

Osclass 'ajax.php' local file inclusion vulnerability

OSClass is a PHP MySQL based development , used to create and manage classified ads website open source system . A local file inclusion vulnerability exists in Osclass 'ajax.php' because it fails to adequately filter user-supplied input. An attacker can exploit this vulnerability to obtain...

WordPress plugin Frontend Uploader 'errors' parameter cross-site scripting vulnerability

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Frontend Uploader 'errors' parameter of the WordPress plugin because it...

WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in exporting data, which may lead to cross-site scripting CWE-79. Note that this vulnerability is...

WBS Gantt-Chart for JIRA vulnerable to cross-site scripting

Overview WBS Gantt-Chart for JIRA provided by Ricksoft Inc. is an add-on for JIRA which provides WBS Work Breakdown Structure and Gantt-Chart features. WBS Gantt-Chart for JIRA contains a flaw in output page generation, which may lead to cross-site scripting CWE-79. Note that this vulnerability i...

LinPHA vulnerable to cross-site scripting

Overview LinPHA is a software to manage and host image files on the web. LinPHA contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

i-HTTPD vulnerable to cross-site scripting

Overview i-HTTPD is a web server for Windows. i-HTTPD contains a flaw in generating a directory index page, which may lead to a cross-site scripting CWE-79. Note that this vulnerability is different from JVN87910097. Yamagata of webappsec.jp reported this vulnerability to IPA. JPCERT/CC coordinat...

KENT-WEB Clip Board vulnerable to cross-site scripting

Overview KENT-WEB Clip Board is a bulletin board software that a user can upload binary files such as image files. Clip Board contains a cross-site scripting vulnerability. Sen UENO of Tricorder Co. Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Informatio...

phpSound Music Sharing Platform 1.0.5 - Multiple XSS Vulnerabilities

No description provided by source. Exploit Title: phpSound Music Sharing Platform Multiple XSS Vulnerabilities Date: 08-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.0.5 Vendor Link: http://codecanyon.net/item/phpsound-music-sharing-platform/9016117 Software Test Link:...

Etiko CMS index.php cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Affected system: Etiko Etiko CMS Description: CVECAN ID: CVE-2 0 1 4-8 5 0 5 Etiko CMS is a content management system. Etiko CMS did not effectively verify the index. php script input, in the realization on the presence of cross-site scripting vulnerability, a remote attacker with the structure o...

Fedora 20 : wpa_supplicant-2.0-12.fc20 (2014-13555)

This update fixes a possible security issue executing scripts with wpacli. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducin...

Aflax vulnerable to cross-site scripting

Overview Aflax is a JavaScript library that enables developers to use JavaScript to fully utilize all of the features of the Adobe Flash runtime. Aflax contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the...