CVE-2016-5394 CVSS:0.0
In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnerabilities. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2016-6798 CVSS:0.0
In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially allowing an attacker to read sensitive data on the filesystem, perform server-side request forgery (SSRF), port-scan behind the firewall, or DoS the application. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2016-7507 CVSS:0.0
Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2016-7509 CVSS:0.0
Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-10801 CVSS:0.0
phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO to the search/tag/ URI. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-11439 CVSS:0.0
In Sitecore 8.2, there is reflected XSS in the shell/Applications/Tools/Run Program parameter. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-11441 CVSS:0.0
The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-11444 CVSS:0.0
Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in /front/search.php via the $_GET array. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-11445 CVSS:0.0
Subrion CMS before 4.1.6 has a SQL injection vulnerability in /front/actions.php via the $_POST array. (Last Update:2017-07-19) (Publish Update:2017-07-19)
CVE-2017-11456 CVSS:0.0
Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file. (Last Update:2017-07-19) (Publish Update:2017-07-19)
This vulnerability list widget is provided by www.cvedetails.com