EUVD-2018-18337

Malware in sbrugna...

WordPress plugin Personizely 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

CVE-2020-13627

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-13628

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-13627

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-13628

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

Cross site scripting

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2020-13627

Cross-site scripting XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5,...

CVE-2018-6587

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable...

Cross site scripting

CA API Developer Portal 3.5 up to and including 3.5 CR6 has a reflected cross-site scripting vulnerability related to the widgetID variable...

CVE-2018-6587

CA API Developer Portal versions 3.5 up to and including 3.5 CR6 are affected by a reflected cross-site scripting vulnerability in the widgetID variable. The root cause is insufficient filtering of user-submitted HTML code in the widgetID handling, enabling arbitrary script execution. CVSS metric...

ZOHO ManageEngine Applications Manager SQL Injection Vulnerability (CNVD-2017-37182)

ZOHO ManageEngine Applications Manager is a set of IT operations management solutions from ZOHO. A SQL injection vulnerability exists in ZOHO ManageEngine Applications Manager version 13. The vulnerability can be exploited by a remote attacker to inject SQL statements using the 'widgetid' paramet...

Sql injection

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter...

CVE-2017-16851

Zoho ManageEngine Applications Manager 13 before build 13530 allows SQL injection via the /MyPage.do widgetid parameter...

CVE-2017-16851

CVE-2017-16851 affects Zoho ManageEngine Applications Manager 13 prior to build 13530. The vulnerability is a SQL injection exploited via the /MyPage.do widgetid parameter, enabling unauthenticated network-accessible exploitation with partial data confidentiality/integrity/availability impact (pe...

Informatica: [marketplace.informatica.com] - XXE

Request: POST /services/v2/rest/wall/new/count HTTP/1.1 Host: marketplace.informatica.com Connection: keep-alive Content-Length: 249 Accept: application/json, text/javascript, / X-J-Token: no-user X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 Windows NT 6.3; WOW64 AppleWebKit/537.36...