Multiple reflected cross site scripting issues were discovered in Cyberoam NG appliances. Input passed via the 'ipFamily', 'applicationname' and 'username' GET parameters to LiveConnections.jsp and LiveConnectionDetail.jsp is not properly sanitized before being returned to the user. Adding an arbitrary 'X-Forwarded-For' HTTP header to a request also makes the appliance prone to an XSS issue. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
76576be8630c45295bbad88ae0ff962e2700d9f8ae39ccd8dac71c467da5f8b9
Adtran Personal Phone Manager version 10.8.1 suffers from multiple reflective cross site scripting vulnerabilities.
91eb377154488ec7c016952ffe3b4ebf2791bd6838a98d08693e4ebf4db983ba
WordPress Photo Gallery plugin versions 1.5.69 and below suffer from multiple reflective cross site scripting vulnerabilities.
f5cee129a211aee4e8107180c84597f0d60b54808dacf0f7a05afefadeaa5233
Revive Adserver versions 5.1.0 and below suffer from multiple reflective cross site scripting vulnerabilities.
190f88d88bd59a6e458fe50325d73d4011e9b7ef2b33f6962a495f46bb142f9a
The OpenAsset Digital Asset Management web application suffers from multiple reflected and persistent cross site scripting vulnerabilities. Vulnerable versions include 12.0.19 (Cloud) and 11.2.1 (On-premise).
f23463f784d061541c79ecdec79a17114bfcaa396f5627dde1e0c79a90a2ae45
WebPort version 1.19.1 suffers from multiple reflective cross site scripting vulnerabilities.
41cb6485bf5e035d4851be24eb39824dc1a47ab1146412bf9506a4d7447ad66d
Hospital Management System version 4.0 suffers from multiple reflective cross site scripting vulnerabilities.
577785f9f7a77543366601d345329f948706e972436cf56919df3d22f41fd7d4
SugarCRM versions 9.0.1 and below suffer from multiple reflective cross site scripting vulnerabilities.
7d09c62859ee6df54d6c301681c3cf8c05bd10fec1feda4693b0c5f024b83971
VFront version 0.99.5 suffers from multiple reflective cross site scripting vulnerabilities.
0d216805ffd29114e6cd997888f40343e29ba2dc8cd90edfb1e67454e391efa7
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems are prone to multiple reflected and stored cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various servlets. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. Many versions are affected.
2c2c864e961de08f8e726f2b647913aff2b13bf29b8cce66e3aa650d3bd351e5
Monstra CMS version 3.0.4 suffers from multiple reflective and persistent cross site scripting vulnerabilities.
3bfe1c63389f9f72b080996c4451b43f30d95003183be45dbe4978c930bf897b
ZKBioSecurity suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 3.0.1.0_R_230 is affected.
661201e7c27f788dde650a2d5226bddfa2456cc33d8e22a68d5114c6bd2a7de2
Iris ID IrisAccess ICU 7000-2 is prone to multiple reflected cross site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to the 'HidChannelID' and 'HidVerForPHP' POST parameters in the 'SetSmarcardSettings.php' script. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. The application also allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
e7183b03f0ff99292c399fd3826568ee44c2d72211f15de97442670cff6e2a47
Wowza Streaming Engine suffers from multiple reflected cross site scripting vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 4.5.0 build 18676 is affected.
2523e79ab44f97c6ba12c7d6cca69bcb2705a67438d5e18cab9228b1987fd2b6
CA Technologies Support is alerting customers to multiple potential risks with CA Release Automation. Three vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information or cause a denial of service condition. CA has fixes available. The first vulnerability occurs due to the inclusion of a vulnerable 3rd party component, Open Flash Chart. A remote attacker can conduct cross-site scripting attacks. The second vulnerability occurs due to insufficient verification of requests to the web server, which can lead to limited XML external entity attacks. An authenticated attacker in the local network can potentially gain sensitive information or cause a denial of service condition. The third vulnerability occurs due to insufficient verification of requests to the web interface, which leads to multiple reflected cross-site scripting vulnerabilities and one stored cross-site scripting vulnerability.
2ef5f54923997660f51cadb44ff051e243c99d18929f23a00717e9198858f0d9
Log2Space Central version 6.2 suffers from multiple reflective cross site scripting vulnerabilities.
dba77879de8c9efbd44b477ecd995853b0c1e6b8aff0aaba5e2d0c6d5ec3134f
WordPress ResAds plugin version 1.0.1 suffers from multiple reflective cross site scripting vulnerabilities.
77dc179cb529b870639eb019931596493779f2f1e32d9bd99a03db17385a4abc
Zurmo CRM version 2.8.5 suffers from multiple reflective cross site scripting vulnerabilities.
e8ad5e444260d1a470d810f235c031ebb743e78b01cfff15a78d14dcdbfa4353
Concrete5 CMS versions 5.7.2 and 5.7.2.1 suffer from multiple reflective cross site scripting vulnerabilities.
38fa7b6e86beb417bcaeb373a842e9a87af92a2f22c02289fbb095fad3e118d7
Onapsis Security Advisory - The SAP HANA Developer Edition contains multiple reflected cross site scripting vulnerabilities (XSS) in the democontent area.
d98ec0c662aa2e76ea7c61dcd491019b639f2b4fe8e0fc31991ae7f856d4d36a
ManageEngine EventLog Analyzer version 7.2.2 suffers from multiple reflective cross site scripting vulnerabilities.
0bf36f68da768952108b58e9e72774b2bf741922f4c175919319cf299d4fe76d
DELL SonicWALL GMS version 7.2 build 7221.1701 suffers from multiple reflective cross site scripting vulnerabilities.
8c628a32636a204c5621e732a5912dbe9bec353645b48fb912eabe6942908969
BarracudaDrive version 6.7.2 suffers from multiple reflective and persistent cross site scripting vulnerabilities.
d41472b73eb1e68306169abb69831256e5000c2d91afe4d895f79081b2bd8cb6
AKER Secure Mail Gateway versions 2.5.2 and below suffer from multiple reflective cross site scripting vulnerabilities.
ab5924cb2e8e920bf0c586e1b34dba02ede340dc74de1607cbabdf1fa1986191
Vtiger version 5.4.0 suffers from multiple reflective cross site scripting vulnerabilities.
46e34297293eac83bae71ead7c25d12b59b59c45ffcc8e3a0a616f838ad25e3f
MODx version 2.2.10 suffers from multiple reflective cross site scripting vulnerabilities.
7c57fe4cd97450b18471d0a901f38ba5ae88a8ad2b1ace28ba3b004660316352