Cybozu Garoon vulnerable to arbitrary script execution

Overview Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Yoshiki Kawada of LAC Little eArth Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...

JVN#52363223: Cybozu Garoon vulnerable to arbitrary script execution

Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...

CGIWrap error page cross-site scripting vulnerability

Overview CGIWrap error page is vulnerable to a cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...

Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history

Overview Sleipnir and Grani, web browsers from Fenrir & Co., contain a vulnerability in the bookmark search function that allows an attacker to execute an arbitrary script when search results are restored from history. Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search...

Pixelpost cross-site scripting vulnerability

Overview Pixelpost, an open source content management system used for photo albums, etc., contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warnin...

WEB MART from KENT WEB vulnerable to cross-site scripting

Overview WEB MART, from KENT WEB, contains a cross-site scripting vulnerability. WEB MART provided by KENT WEB is shopping cart software. WEB MART contains a cross-site scripting vulnerability. Akira Noda of Tokyo Institute of Technology reported this vulnerability to IPA. JPCERT/CC coordinated...

Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI =DocumentManagement. Impact A remote attacker could execute malicious scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate...

Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products. Impact A remote attacker could execute arbitrary scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate action...

JVN#25448394 Sleipnir and Grani vulnerable to arbitrary script execution when Bookmark search results are restored from history

Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted string is used in a search, an arbitrary script may be executed on the user's web browser when the...

bea-xss.txt

+============================================================================================+ + Oracle Corporation BEA WebLogic Portal & high XSS Vulnerabilities + +============================================================================================+ Authors: Ivan Sanchez Producto:...

HttpLogger vulnerable to cross-site scripting

Overview KLab HttpLogger is vulnerable to cross-site scripting. Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...

Zimbra Collaboration Suite script execution vulnerability

Overview Zimbra Collaboration Suite, a web collaboration tool from Zimbra, Inc., contains a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book,...

Nagios cross-site scripting vulnerability

Overview Nagios from Nagios.org contains a cross-site scripting vulnerability. Nagios from Nagios.org is software that monitors network services, hosts, and other resources. Nagios contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser...

Mozilla Firefox cross-site scripting vulnerability

Overview Mozilla Firefox web browser contains a cross-site scripting vulnerability. Mozilla Firefox does not properly handle certain HTML documents in ShiftJIS encoding. According to MFSA 2008-13, this flaw could potentially be used to evade web-site input filters and result in a XSS attack hazar...

Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Overview The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2. Impact An attacker could take over a user's account, steal the user's information or...

QUICK CART cross-site scripting vulnerability

Overview QUICK CART is a shopping cart system for building Internet shop sites. QUICK CART contains a cross-site scripting vulnerability as it does not validate inputs properly. Impact An arbitrary script could be executed on the user's web browser. Solution None...

Joomla! cross-site scripting vulnerability

Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...

QwikiWiki cross-site scripting vulnerability

Overview QwikiWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution None...

Loudblog cross-site scripting vulnerability

Overview Loudblog, an open source content management system used for podcasting, etc., contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly condust session...

NetCommons cross-site scripting vulnerability

Overview NetCommons is an open source content management system, combining e-learning and groupware functionality. NetCommons is developed and distributed by the NetCommons Project. NetCommons contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's...