VOOKI - Web Application Vulnerability Scanner

Vooki is a free web application vulnerability scanner. Vooki is a user-friendly tool that you can easily scan any web application and find the vulnerabilities. Vooki includes Web Application Scanner, Rest API Scanner, and reporting section. Vooki – Web Application Scanner can help you to find the...

Security Bulletin: Multiple vulnerabilities in IBM SPSS Collaboration and Deployment Services

Summary Multiple vulnerabilities exist in IBM SPSS Collaboration and Deployment Services. See the individual descriptions for details. Vulnerability Details VULNERABILITY DETAILS: CVEID: CVE-2013-4044 DESCRIPTION: An authenticated remote attacker can send a HTTP request to retrieve the content of...

Security Bulletin: Cross-site scripting vulnerability in IBM WebSphere Application Server (CVE-2016-0283)

Summary There is a cross-site scripting vulnerability in WebSphere Application Server Liberty when using the OpenID Connect OIDC client. Vulnerability Details CVEID: CVE-2016-0283 DESCRIPTION: IBM WebSphere Application Server is vulnerable to cross-site scripting in the OIDC client web applicatio...

Security Bulletin: IBM WebSphere Lombardi Edition and IBM Business Process Manager (BPM) cross-site scripting vulnerability in error situations (CVE-2014-0957)

Summary When you invoke a service using a URL, user input can be returned in unhandled service failure situations. Vulnerability Details CVE ID: CVE-2014-0957 DESCRIPTION: IBM WebSphere Lombardi Edition and IBM Business Process Manager are vulnerable to cross-site scripting that is caused by the...

Chrome Extension "5000 trillion yen converter" vulnerable to cross-site scripting

Overview Chrome Extension "5000 trillion yen converter" provided by Owen contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the user's web browser. Solution Update the extension Update the extension according to the information provided by the...

Chrome Extension "5000 trillion yen converter" Cross-Site Scripting Vulnerability

Google Chrome is an iOS-based web browser developed by Google USA. A cross-site scripting vulnerability exists in Chrome Extension "5000 trillion yen converter", which can be exploited by an attacker to execute arbitrary scripts on a user's web browser...

Cross site scripting

The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the...

CVE-2018-11690

The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the...

CVE-2018-11688

Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site,...

CVE-2018-5175

A mechanism to bypass Content Security Policy CSP protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...

Design/Logic Flaw

If the "app.support.baseURL" preference is changed by a malicious local program to contain HTML and script content, this content is not sanitized. It will be executed if a user loads "chrome://browser/content/preferences/in-content/preferences.xul" directly in a tab and executes a search. This...

CVE-2018-5175

A mechanism to bypass Content Security Policy CSP protections on sites that have a "script-src" policy of "'strict-dynamic'". If a target website contains an HTML injection flaw an attacker could inject a reference to a copy of the "require.js" library that is part of Firefox's Developer Tools, a...

CVE-2018-5133

CVE-2018-5133 affects Firefox before 59, where a malicious local program can set the app.support.baseURL preference to HTML/script, which is not sanitized and can execute when loading chrome://browser/content/preferences/in-content/preferences.xul or when an EME CDM-disabled notification is shown...

Netis-WF2419 HTML Injection Vulnerability

Netis-WF2419 is a router product. The Netis-WF2419 suffers from an HTML injection vulnerability that stems from a program not properly validating user-supplied input. An attacker could use this vulnerability to run HTML and script code in the context of an affected website to steal cookie-based...

Cross site scripting

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters...

Mozilla Firefox Security Bypass Vulnerability (CNVD-2018-11922)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 60. A remote attacker could exploit the vulnerability to bypass content security policy protections used to restrict script...

Mozilla Firefox Design Vulnerability

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in the Live Bookmark page and PDF reader in versions of Mozilla Firefox prior to 60. A remote attacker can exploit this vulnerability by performing a social...

Design/Logic Flaw

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

CVE-2017-16018

Restify vulnerability CVE-2017-16018 affects the restify framework (versions 2.0.0 through 4.0.4). The issue is a Cross‑Site Scripting (XSS) vulnerability that occurs when URL encoded script tags are used in a non-existent URL, allowing an attacker to run script in some browsers. The practical im...

CVE-2018-11552

There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON-Auto-Dialer-Agents-Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attacker can execute arbitrary HTML and script code in a browser in the context of the vulnerable applicati...