NewStart CGSL MAIN 5.04 : mailman Vulnerability (NS-SA-2019-0008)
The remote NewStart CGSL host, running version MAIN 5.04, has mailman packages installed that are affected by a vulnerability: - A cross-site scripting (XSS) flaw was found in mailman. An attacker able to trick the user into visiting a specific URL can execute arbitrary web scripts on the user's...
CVE-2018-16248
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
Cross site request forgery (csrf)
b3log Solo 2.9.3 has XSS in the Input page under the "Publish Articles" menu with an ID of "articleTags" stored in the "tag" JSON field, which allows remote attackers to inject arbitrary Web scripts or HTML via a carefully crafted site name in an admin-authenticated HTTP request...
XSS Vulnerability in JEESNS Article Comments
JEESNS is an open source social management system developed on Java's enterprise-class platform. JEESNS article comments have an XSS vulnerability; an attacker can use the vulnerability to inject arbitrary web script or HTML...
httpd: privilege escalation from modules scripts
A flaw was found in Apache where code executing in a less-privileged child process or thread could execute arbitrary code with the privilege of the parent process (usually root). An attacker having access to run arbitrary scripts on the web server (PHP, CGI, etc.) could use this flaw to run code on the...
Cross site scripting
A reflected cross-site scripting (XSS) vulnerability in SEMCO Semcosoft 5.3 allows remote attackers to inject arbitrary web scripts or HTML via the username parameter to the Login Form...
CVE-2018-18692
CVE-2018-18692 is a reflected XSS vulnerability in SEMCO Semcosoft 5.3. The issue allows an attacker to inject arbitrary web scripts or HTML through the username parameter on the Login Form. Affected component: login form handling in Semcosoft 5.3; root cause: insufficient sanitization/escaping o...
Ubuntu: Security Advisory (USN-3563-1)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-3463-1)
The remote host is missing an update for the...
D-Link Central WiFiManager Cross-Site Scripting (CVE-2018-17441; CVE-2018-17443)
Multiple cross-site scripting vulnerabilities exist in D-Link Central WiFiManager Software Controller. Successful exploitation of the vulnerabilities would allow remote attackers to inject arbitrary web scripts into the affected system...
Moderate severity vulnerability that affects rails-html-sanitizer
Withdrawn, accidental duplicate publish. Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2.x and 5.x allows remote attackers to inject arbitrary web script or HTML via an HTML entity that is mishandled by the Rails::Html::FullSanitizer class...
CVE-2018-16805
In CVE-2018-16805, the affected software is b3log Solo 2.9.3. The vulnerability is a cross-site scripting (XSS) flaw on the Input page under Publish Articles, where an ID named linkAddress stored in the link JSON field can be exploited to inject arbitrary Web scripts or HTML via a crafted site na...
CVE-2018-16805
In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator...
PHP Scripts Mall Website Seller Script Cross-Site Scripting Vulnerability
PHP Scripts Mall Website Seller Script is an e-commerce website system script from PHP Scripts Mall India. A cross-site scripting vulnerability exists in PHP Scripts Mall Website Seller Script version 2.0.5. The vulnerability can be exploited by a remote attacker to inject arbitrary web script or...
Cross site scripting
SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appears to be exploitable via the victim opening a specially crafted URL...
CVE-2018-1000611
SURFnet OpenConext EngineBlock version 5.7.0 to 5.7.3 contains a cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary web scripts or HTML into help and login pages. This attack appears to be exploitable via the victim opening a specially crafted URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...
PYSEC-2018-116
Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/newreport.kp URI...