4485 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties...
CVE-2008-0463
Cross-site scripting XSS vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties...
CVE-2008-0463
Cross-site scripting XSS vulnerability in the Workflow 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2 module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving node properties...
CVE-2008-0463
The CVE-2008-0463 entry concerns a Cross-site Scripting (XSS) vulnerability in the Drupal Workflow module, affecting versions 4.7.x before 4.7.x-1.2 and 5.x before 5.x-1.2. The issue involves the ability for remote attackers to inject arbitrary web script or HTML via unspecified vectors involving...
SA-2008-009 - Workflow - Cross site scripting
The Workflow module allows the creation and assignment of arbitrary workflows to Drupal node types. Workflow does not escape certain node properties on output. It is therefore possible to inject arbitrary HTML and script code into certain workflow messages such as those displayed on the workflow...
JVN#90712589 Multiple Cybozu products vulnerable to cross-site scripting
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN50342989. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....
JVN#50342989 Multiple Cybozu products vulnerable to cross-site scripting
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest updates provided by the vendor. Products Affected Cybozu Office 6....
CVE-2007-5702
Cross-site scripting XSS vulnerability in swamp/action/LoginActions aka the login box in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtaine...
CVE-2007-5702
CVE-2007-5702 covers a Cross-site Scripting (XSS) vulnerability in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x, specifically in the login component swamp/action/LoginActions (the login box). The vulnerability arises from improper handling of the username paramete...
CVE-2007-5702
Cross-site scripting XSS vulnerability in swamp/action/LoginActions aka the login box in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtaine...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via 1 a saved Workflow name or 2 the Content-Type HTTP header. NOTE: item 2 also...
CVE-2007-3255
Multiple cross-site request forgery CSRF vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via 1 a saved Workflow name or 2 the Content-Type HTTP header. NOTE: item 2 also...
Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities
netVigilance Security Advisory 28 Jetbox CMS version 2.1 Multiple SQL Injection Vulnerabilities Description: Jetbox CMS is seriously tested on usability & has a professional intuitive interface. The system is role based, with workflow and module orientated. All content is fully separated from...
Code injection
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01...
CVE-2007-2130
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01...
CVE-2007-2130
CVE-2007-2130 describes an unspecified vulnerability in Oracle’s Workflow Cartridge affecting Oracle Database Server (9.2.0.1, 10.1.0.2, 10.2.0.1), Application Server (9.0.4.3, 10.1.2.0.2), Collaboration Suite (10.1.2), and E-Business Suite. The description indicates unknown impact and remote aut...
WORK system e-commerce <= 3.0.5 Remote File Inclusion Vulnerability
No description provided by source. Rodrigo Duarte WuefezAT2die4.com ;D WORK system e-commerce: WORK PHP,Mysql content management system CMS e-commerce or not : ajax, workflow, content,package,language,currency,country,price,stock,group user,CSS,banner,logo,...
WORK system e-commerce <= 3.0.5 Remote File Inclusion Vulnerability
No description provided by source. Rodrigo Duarte WuefezAT2die4.com ;D WORK system e-commerce: WORK PHP,Mysql content management system CMS e-commerce or not : ajax, workflow, content,package,language,currency,country,price,stock,group user,CSS,banner,logo,...
Cross site scripting
Cross-site scripting XSS vulnerability in Oracle Reports Web Cartridge RWCGI60 in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and...