Subsonic is an open source web media server that enables the management of media resources such as music or videos. Its official website is www.subsonic.org. The version affected by the identified vulnerabilities is 6.1.1, released May 31, 2017.
News tagged "Cross-Site Scripting"
CremeCRM is an open source CRM. It allows organizations to manage business data concerning customers, invoices, orders, and products. Its official website is www.cremecrm.com, and source code can be obtained on bitbucket.org/hybrid/. Version 1.6.12 was released on July 28, 2017. A Bishop Fox researcher found several security vulnerabilities in the CRM.
Jirafeau is an open source file sharing web application, distributed under an AGPL version 3 license. It is a fork of the project Jyraphe and allows users to share files for a defined period and protect downloads via a password. The project’s official website is gitlab.com/mojo42/Jirafeau. The latest version of the application is 3.3.0, released on September 8, 2017. Ten vulnerabilities were identified within the Jirafeau web application – five cross-site scripting vulnerabilities (two stored and three reflected) as well as five cross-site request forgery vulnerabilities.
Three vulnerabilities were discovered in the Accellion Kiteworks appliance: incorrect default permissions, cross-site scripting, and path traversal.
Title: OS X Messages (iMessage): XSS & File Disclosure
Release Date: March 21, 2016
Patch Date: March 21, 2016
Reported Date: February 2016
Vendor: Apple
Systems Affected: Messages (iMessage) on OS X <= 9.1
Summary: Messages (iMessage) for OS X, a popular messaging platform from Apple, implements much of its user interface via an embedded …
A reflected cross-site scripting vulnerability was found in the post-authentication administrative panel for ColdFusion, an Adobe web application development platform. Due to the critical functionality in the administration panel, an attacker could leverage this vulnerability to execute arbitrary commands on the server.