6714 matches found
Oracle Enterprise Manager vulnerable to cross-site scripting
Overview Oracle Enterprise Manager provided by Oracle contains a cross-site scripting vulnerability. Masashi Shiraishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An arbitrary script may be executed on t...
Reflected XSS in JIRA Admin Panel (Delete User)
The 'name' param in jira-components/jira-webapp/src/main/webapp/secure/admin/user/views/deleteuserconfirm.jsp is not sanitised, enabling arbitrary html/script execution. A url to demonstrate this issue is:...
POST-MAIL vulnerable to cross-site scripting
Overview POST-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Taketo Ikeuchi of Hitachi Solutions, Ltd. and Ohji Kashiwazaki of GLOBAL SECURITY EXPERTS inc. reported this vulnerability to...
CLIP-MAIL vulnerable to cross-site scripting
Overview CLIP-MAIL provided by KENT-WEB contains an issue in the webpage output of strings entered in the form, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest version...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN07192063. Ren Hirasawa of Gehirn Inc. reported this vulnerability to IPA. JPCERT/CC coordinated...
Cross-site Scripting Vulnerability in Hitachi Command Suite Products
Overview Hitachi Command Suite Products contain a cross-site scripting vulnerability. Impact A remote attacker could execute a malicious inserted script on a client which loads it. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate...
eval
This plugin finds eval input injection vulnerabilities. These vulnerabilities are found in web applications when the developer passes user-controlled data to the eval function. To check for vulnerabilities of this kind, the plugin sends an echo function with two randomized strings as parameters...
Novell ZENworks Mobile Management Local File Include Vulnerability
Novell ZENworks Mobile Management is prone to a local file include vulnerability because it fails to adequately validate user-supplied input. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right...
FileMaker Pro vulnerable to cross-site scripting
Overview FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-site scripting. Impact An arbitrary script may be executed on the user's web browser. Solution Upgrade the software Upgrade to the latest version according to the...
Matterdaddy Market - Multiple Vulnerabilities
Matterdaddy Market - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/60150/info Matterdaddy Market is prone to multiple security vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary...
EC-CUBE vulnerable to cross-site scripting
Overview EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with th...
eYou /php/ip_status.php Command Execution Vulnerability
No description provided by source...
Microsoft InfoPath HTML Sanitisation Component XSS Vulnerability (2821818)
This host is missing an important security update according to Microsoft Bulletin MS13-035. OpenVAS Vulnerability Test $Id: secpodofficeinfopathms13-035.nasl 5339 2017-02-18 16:28:22Z cfi $ Microsoft InfoPath HTML Sanitisation Component XSS Vulnerability 2821818 Authors: Antu Sanadi Copyright:...
Script Execution flaw in Google drive poses security threat
Once again the Google Security Team has shot itself in the foot. Ansuman Samantaray, an Indian penetration tester, discovered a small but creative security flaw in Google Drive that poses a phishing threat to millions of Google users; the Google Security Team ignored it, replying that, "It is just a mere...
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
source: https://www.securityfocus.com/bid/58293/info HP Intelligent Management Center is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
dopvSTAR* vulnerable to cross-site scripting
Overview dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...
dopvCOMET* vulnerable to cross-site scripting
Overview dopvCOMET provided by bayashi.net is a software to analyze web access logs. dopvCOMET contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact A...
imgboard vulnerable to cross-site scripting
Overview imgboard contains a cross-site scripting vulnerability. imgboard provided by imgboard.com CGI Download Center formerly 1998 t-club CGI Download Center is a bulletin board software that supports posting picture files. imgboard contains a cross-site scripting vulnerability. Yuji Tounai of...
Sonar - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/57982/info Sonar is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
Cybozu Garoon vulnerable to cross-site scripting
Overview Cybozu Garoon contains a cross-site scripting vulnerability. Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Ken Asai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Earl...