15 matches found
Cross site scripting
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
Cross site scripting
In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS...
CVE-2019-11025
In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS...
CVE-2019-11025
CVE-2019-11025 affects Cacti prior to 1.2.3; the issue is an XSS in the SNMP Options printed value in the View poller cache due to lack of escaping in utilities.php. Impact is cross-site scripting; exploitation is possible via printing unescaped SNMP community strings. Mitigation: upgrade to a fi...
CVE-2019-11025
In clearFilter in utilities.php in Cacti before 1.2.3, no escaping occurs before printing out the value of the SNMP community string (SNMP Options) in the View poller cache, leading to XSS...
Perfex CRM Arbitrary File Upload Vulnerability
Perfex CRM is customer relationship management software. The software features payment management, project management, task assignment and goal tracking. An arbitrary file upload vulnerability exists in the Utilities.php file in Perfex CRM version 1.9.7. A remote attacker can exploit this...
CVE-2017-17976
In Utilities.php in Perfex CRM 1.9.7, unrestricted file upload can lead to remote code execution...
Unrestricted file upload
In Utilities.php in Perfex CRM 1.9.7, unrestricted file upload can lead to remote code execution...
CVE-2017-17976
In Utilities.php in Perfex CRM 1.9.7, unrestricted file upload can lead to remote code execution...
CVE-2017-17976
CVE-2017-17976 affects Perfex CRM 1.9.7 and stems from an unrestricted file upload in the utilities.php workflow, enabling remote code execution. Public sources confirm an arbitrary file upload path via the elfinder feature (elfinder_init) and mkfile, demonstrated by reports referencing shell.php...
DEBIAN-CVE-2010-2544
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...
CVE-2010-2544
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...
CVE-2010-2544
CVE-2010-2544 affects Cacti prior to 0.8.7g, where utilities.php fails to sanitize a filter parameter, enabling a remote attacker to inject arbitrary web script via XSS. The issue is publicly discussed across multiple advisories (Gentoo GLSA 201401-20, OpenVAS/CACTI plugins) and is associated wit...
No title provided
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...