RSA Archer, versions prior to 6.4.0.1, contain a stored cross-site scripting vulnerability. A remote authenticated malicious Archer user could potentially exploit this vulnerability to store malicious HTML or JavaScript code in a trusted application data store. When application users access the corrupted data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. RSA Archer, versions prior to 6.4.0.1, contain an authorization bypass vulnerability in the REST API. A remote authenticated malicious Archer user could potentially exploit this vulnerability to elevate their privileges.
574ac49865a7a3a381903494b92d19f8WordPress All In One Favicon plugin version 4.6 suffers from a cross site scripting vulnerability.
4e1fd052af536e388490d26a91809868MyBB New Threads plugin version 1.1 suffers from a cross site scripting vulnerability.
ad2681c777df161b9e3674786e010194Barracuda Cloud Control version 7.1.1.003 suffers from a cross site scripting vulnerability.
ff2e83501f0a7393dc41facb92cd154fBarracuda Cloud Control version 3.020 suffers from a cross site scripting vulnerability.
f23473cf4a6e820950f67bcee0f9bdf1Open-AudIT Community version 2.1.1 suffers from a cross site scripting vulnerability.
8d1bccdf395bdfdaa21807febf23168eDebian Linux Security Advisory 4246-1 - Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field.
5da3a31476892b5c1ed2b5e50d884a97Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway systems are prone to multiple reflected and stored cross-site scripting vulnerabilities due to a failure to properly sanitize user-supplied input to several parameters that are handled by various servlets. Attackers can exploit this issue to execute arbitrary HTML and script code in a user's browser session. Many versions are affected.
4335daff61aee85b79cf9f7773893b4cWordPress Job Manager plugin version 4.1.0 suffers from a cross site scripting vulnerability.
713677340126e577af82e0180131ad8fOpenConext-EngineBlock versions 5.7.0 through 5.7.3suffers from a cross site scripting vulnerability.
0f69b9dff062062f1f42999854188322Barracuda ADC version 5.x suffers from cross site scripting vulnerabilities.
99b253616567048a1e05557ba0af4897RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains an authorization bypass vulnerability within the workflow architect component (ACM). A remote authenticated malicious user with non-admin privileges could potentially bypass the Java Security Policies. Once bypassed, a malicious user could potentially run arbitrary system commands at the OS level with application owner privileges on the affected system. RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to a vulnerable web application, which is then reflected back to the victim and executed by the web browser.
1a57d9533919b282096f7aa641a6e6a8ASUS WRT-AC66U version 3.x suffers from a cross site scripting vulnerability.
aba480dfcc85355673312758589656c4AT&T Bizcircle suffered from a persistent cross site scripting vulnerability.
6af7e51a7e3f193603f050d6f1455865Secutech DSL WR RIS 330 suffers from bypass and cross site scripting vulnerabilities.
17790cf345c66be4d62639d40e195a4fWAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.10(01) suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities.
f12e1bdd6ce0d40862c5cca1957f6a1aInstagram Clone Script version 2.0 suffers from a cross site scripting vulnerability.
0c815e52abb806819d20e05d3af573fcBarracuda ADC versions 5.x suffer from filter bypass and cross site scripting vulnerabilities.
4922f65cd11623f8f9e1265483337ccdSeoChecker Umbraco CMS plugin version 1.9.2 suffers from stored cross site scripting vulnerabilities.
a96d379727f9195ab3a19721905af0f2Airties AIR5444TT suffers from a cross site scripting vulnerability.
0dd6ee33fe368a4f8be66f74c0a28165Subrion CMS version 4.2.1 suffers from a persistent cross site scripting vulnerability.
c050d3f68c4691a99cbb80bb3bbb2b64Debian Linux Security Advisory 4239-1 - Fabian Henneke discovered a cross-site scripting vulnerability in the password change form of GOsa, a web-based LDAP administration program.
56086d082ca5d123804f4ef1df3e16f2ModSecurity version 3.0.0 suffers from a cross site scripting vulnerability.
81b262867ce165967872ed711dea1794OX App Suite version 7.8.5 suffers from XML external entity injection, information disclosure, and cross site scripting vulnerabilities.
b4faef1ad16b321741447e57a22a0b31extjs versions prior to 6.6.0 suffer from a cross site scripting vulnerability.
6918d7270bd31d8743adad33428062bc
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed