Read about cross site scripting xss vulnerability fix, The latest news, videos, and discussion topics about cross site scripting xss vulnerability fix from alibabacloud.com
Author: mog
Brief description: Cross-site scripting (XSS) attacks exist in ET voice software. The account password can be obtained through simulated login.
Detailed description: When a custom video is played in a channel, the webpage is called.
http://et.sdo.com/video.asp?uid=1519420908&gid=3174160&cid=286332744&videourl=xxx
Cross-
Release date: 2012-10-08
Updated on: 2012-10-09
Affected Systems:
Drupal Video Filter 7.x-2.x
Drupal Video Filter 6.x-2.x
Description:
Bugtraq ID: 51381
CVE ID: CVE-2012-1634
Drupal is an open source content management platform.
Drupal's Video Filter module has an XSS vulnerability, which allows remote attackers to inject arbitr
Release date:
Updated on:
Affected Systems:
Ruby on Rails 3.x
Ruby on Rails 2.x
Ruby on Rails 1.x
Description:
Bugtraq ID: 54957
CVE ID: CVE-2012-3465
Ruby on Rails (RoR or Rails) is an open-source Web application framework written in Ruby. It is developed in strict accordance with the MVC structure.
Ruby on Rails 3.0.17 3. there is an XSS
Release date:
Updated on:
Affected Systems:
Ruby on Rails 3.x
Ruby on Rails 2.x
Ruby on Rails 1.x
Description:
Bugtraq ID: 54959
CVE ID: CVE-2012-3463
Ruby on Rails (RoR or Rails) is an open-source Web application framework written in Ruby. It is developed in strict accordance with the MVC structure.
Ruby on Rails 3.0.17 3. there is an XSS
Release date:
Updated on:
Affected Systems:
IBM WebSphere Application Server 8.x
IBM WebSphere Application Server 7.x
IBM WebSphere Application Server 6.x
Unaffected system:
IBM WebSphere Application Server 8.0.0.4
IBM WebSphere Application Server 6.1.0.45
Description:
Bugtraq ID: 55149
CVE ID: CVE-2012-3293
IBM WebSphere Application Server (WAS) is an Application Server developed and released by IBM in compliance with open
Release date:
Updated on:
Affected Systems:
Arbornetworks Networks Peakflow SP 3.6.1
Unaffected system:
Arbornetworks Networks Peakflow SP 5.6
Arbornetworks Networks Peakflow SP 5.5 patch5
Arbornetworks Networks Peakflow SP 5.1.1 patch 5
Description:
Bugtraq ID: 52881
CVE ID: CVE-2012-4685
Arbor Networks Peakflow SP is a vital threat management system component in the Peakflow SP solution. It is used in a powerful application
Release date:
Updated on:
Affected Systems:
Apache Group HTTP Server 2.4.x
Apache Group HTTP Server 2.2.x
Description:
Bugtraq ID: 58165
CVE (CAN) ID: CVE-2012-3499
Apache HTTP Server is an open source HTTP Server.
Apache HTTP Server 2.4.4 and earlier versions have multiple XSS vulnerabilities through the modules (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, (5)
Release date: 2012-09-07
Updated on:
Affected Systems:
Apache Group Wicket 1.x
Description:
Bugtraq ID: 55445
CVE ID: CVE-2012-3373
Wicket provides an object-oriented method for developing Web-based Dynamic UI applications.
In Apache Wicket versions earlier than 1.4.21 and 1.5.8, an attacker can add encoded NULL bytes to a URL pointing to the Wicket application to inject JS statements into ajax, send the malicious URL to users, and induce th
Release date: 2012-03-27
Updated on:
Affected Systems:
MyBB 1.6.6
Description:
Bugtraq ID: 52743
MyBB is a popular Web forum program.
MyBB has SQL injection and cross-site scripting vulnerabilities. These vulnerabilities allow attackers to execute arbitrary script code, steal cookie a
Release date:
Updated on:
Affected Systems:
Fortinet FortiWeb 5.0.3
Description:
Bugtraq ID: 65303
CVE (CAN) ID: CVE-2013-7181
FortiGate security products can detect and eliminate network threats.
Fortinet FortiWeb 5.0.3 and other versions do not properly filter the "filter" parameter of /user/ldap_user/add. There is a security vulnerability in implementation, this
Brief description: The Tag Cloud function is not strictly filtered. As a result, members can enter cross-site JS Script Reference on any product details page. The background Administrator account is leaked.
Detailed description:
Vulnerability proof: External test.js file content. Allows you to modify the username and retrieve the password mailbox of the Ad
Release date:
Updated on:
Affected Systems:
X2engine X2CRM 3.4.1
Description:
Bugtraq ID: 62634
CVE (CAN) ID: CVE-2013-5693
X2CRM is an open-source sales, marketing automation and service application.
X2CRM 3.4.1 does not properly filter the value of the "model" HTTP GET parameter passed to the "/index.php/admin/editor" URL. Remote attackers can trick the administrator into opening a specially crafted link; attackers can exploit
Affected Versions: PhpMyFAQ 2.6.x
Vulnerability description:
PhpMyFAQ is a multi-language, database-based FAQ System.
PhpMyFAQ does not properly filter the request parameters submitted to the index.php page before returning them to the user. Remote attackers can inject JavaScript code into the page output by submitting malicious URL requests, resulting in domain cookie theft.
http://www.phpmyfaq.de/advisory_2010-09-28.php
http://secunia.com/advisories/416
Affected Versions: e107.org e107 website system 0.7.16
Vulnerability Description:
Bugtraq ID: 36517
e107 is a content management system written in PHP.
The page (http://site/email.php?news.1) does not properly filter the Referer header. Remote attackers can execute cross-site scripting attacks by submitting malici
Affected Versions:
HP System Management Homepage 3.0
HP System Management Homepage 2.1
Vulnerability description:
HP System Management Homepage (SMH) is a Web-based interface that integrates and simplifies single-system management for HP servers running Windows, Linux, and HP-UX operating systems. HP SMH does not properly filter the servercert parameter in the URI request. If a user is tricked into following a malicious link, cross-
Release date:
Updated on:
Affected Systems:
Htbridge AContent 1.x
Description:
CVE ID: CVE-2012-5167, CVE-2012-5169
AContent is an e-learning content creation tool and library that supports the import, export, and production of IMS content packages.
Multiple vulnerabilities in AContent 1.2 and earlier versions can be exploited by malicious users to execute cross-
Release date:
Updated on: 2013-02-01
Affected Systems:
Cisco Network Admission Control 4.x
Description:
Bugtraq ID: 57632
CVE (CAN) ID: CVE-2012-6029
The Cisco Network Admission Control (NAC) system consists of Cisco NAC Manager and servers. It is a policy component of the Cisco TrustSec solution.
Cisco Network Admission Control does not properly filter web authentication function parameters. Attackers can execute arbitrary
Discuz! is a popular Web forum program in Chinese regions.
The Discuz! forum does not properly filter the uid parameter submitted to the eccredit.php page. Remote attackers can execute cross-site scripting attacks by submitting malicious parameter requests to the forum, resulting in arbitrary HTML and script code injection and execution in users' browser
attack refers to a Web application saving user-supplied data on the server side, in a database or other file form. When a Web page queries and displays that data, the content is read from the database and rendered in the page, so storage-type XSS has strong stability. The most common scenario for storage-type XSS scripting