247 matches found
Cross-site Scripting (XSS)
github.com/revel/revel is vulnerable to cross-site scripting (XSS) attacks. It does not perform HTML escaping of string arguments...
Stored Cross-Site Scripting Vulnerability at Custom Inputs in Thinksaas System
ThinkSAAS is a lightweight open source community system that can be used to build discussion groups, BBS and circles. A stored cross-site scripting vulnerability exists in Thinksaas version 2.5 at the system's custom input. The system uses a blacklisting mechanism to filter...
Ubuntu: Security Advisory (USN-3257-1)
The remote host is missing an update for the...
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3257-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3257-1 advisory. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, ...
Information disclosure
The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in...
MantisBT < 1.3.1, 2.x < 2.0.0-beta.2 Weak Content Security Policy Vulnerability - Linux
MantisBT is prone to a weak Content Security Policy vulnerability.
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3191-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3191-1 advisory. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, ...
CVE-2016-6934
Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks...
CVE-2016-7882
Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks...
Ubuntu 16.04 LTS : WebKitGTK+ vulnerabilities (USN-3079-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3079-1 advisory. A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, ...
spacewalk-java: Multiple XSS issues in WebUI
Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users...
Debian DSA-3495-1 : xymon - security update
Markus Krell discovered that xymon, a network- and applications-monitoring system, was vulnerable to the following security issues: CVE-2016-2054: The incorrect handling of user-supplied input in the 'config' command can trigger a stack-based buffer overflow, resulting in denial of service via...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the bannereffectemail parameter in the BannerEffectOptions pag...
Sql injection
SQL injection vulnerability in the actionIndex function in protected/modulescore/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ReTwitt plugin 1.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) yurllogin or (2) yurlanchor parameter in the...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP users via a CreateFTP action in the ftpmanagement module to the default URI, (2) conduct cross-site scriptin...
Ubuntu 14.04 LTS : Firefox vulnerabilities (USN-2295-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2295-1 advisory. Christian Holler, David Keeler, Byron Campen, Gary Kwong, Jesse Ruderman, Andrew McCreight, Alon Zakai, Bobby Holley, Jonathan Watt, Shu-yu Guo, Steve...
TDizin Arama.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24515/info TDizin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on...
Expinion.net Member Management System 2.1 register.asp err Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/9932/info It has been reported that a number of Member Management System scripts are prone to cross-site scripting vulnerabilities. These issues are reportedly due to a failure to sanitize user input and so allow HTML and...
GNUTurk Mods.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24152/info Gnuturk is prone to a cross-site scripting vulnerability. Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website...