CVE List - 2017 / September
Showing 401 - 500 of 1228 CVEs for September 2017 (Page 5 of 13)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2017-8629 | 2017-09-13 | Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka... |
| CVE-2017-8630 | 2017-09-13 | Microsoft Office 2016 allows a remote code execution vulnerability when it fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from... |
| CVE-2017-8631 | 2017-09-13 | A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013... |
| CVE-2017-8632 | 2017-09-13 | A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft... |
| CVE-2017-8643 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the... |
| CVE-2017-8648 | 2017-09-13 | Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory,... |
| CVE-2017-8649 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way... |
| CVE-2017-8660 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the... |
| CVE-2017-8675 | 2017-09-13 | The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10... |
| CVE-2017-8676 | 2017-09-13 | The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows... |
| CVE-2017-8677 | 2017-09-13 | The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8678 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8679 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8680 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows an... |
| CVE-2017-8681 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8682 | 2017-09-13 | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607,... |
| CVE-2017-8683 | 2017-09-13 | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607,... |
| CVE-2017-8684 | 2017-09-13 | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1, allows information disclosure by... |
| CVE-2017-8685 | 2017-09-13 | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows information disclosure by the way it discloses kernel memory addresses, aka "Windows GDI+ Information... |
| CVE-2017-8687 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8688 | 2017-09-13 | Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607,... |
| CVE-2017-8692 | 2017-09-13 | The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote... |
| CVE-2017-8695 | 2017-09-13 | Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607,... |
| CVE-2017-8699 | 2017-09-13 | Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703,... |
| CVE-2017-8702 | 2017-09-13 | Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due... |
| CVE-2017-8704 | 2017-09-13 | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user... |
| CVE-2017-8706 | 2017-09-13 | The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from... |
| CVE-2017-8707 | 2017-09-13 | The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows... |
| CVE-2017-8708 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8709 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8710 | 2017-09-13 | The Microsoft Common Console Document (.msc) in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1 allows an attacker to read arbitrary files via an XML external entity... |
| CVE-2017-8711 | 2017-09-13 | The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on... |
| CVE-2017-8712 | 2017-09-13 | The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user... |
| CVE-2017-8713 | 2017-09-13 | The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure... |
| CVE-2017-8714 | 2017-09-13 | The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2,, Windows 10 1607, and Windows Server 2016 allows a remote code execution vulnerability when it fails... |
| CVE-2017-8716 | 2017-09-13 | Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control... |
| CVE-2017-8719 | 2017-09-13 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,... |
| CVE-2017-8720 | 2017-09-13 | The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10... |
| CVE-2017-8723 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to... |
| CVE-2017-8724 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft... |
| CVE-2017-8725 | 2017-09-13 | A remote code execution vulnerability exists in Microsoft Publisher 2007 Service Pack 3 and Microsoft Publisher 2010 Service Pack 2 when they fail to properly handle objects in memory, aka... |
| CVE-2017-8728 | 2017-09-13 | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker... |
| CVE-2017-8729 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting... |
| CVE-2017-8733 | 2017-09-13 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607,... |
| CVE-2017-8734 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to... |
| CVE-2017-8735 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website,... |
| CVE-2017-8736 | 2017-09-13 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows... |
| CVE-2017-8737 | 2017-09-13 | Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker... |
| CVE-2017-8738 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the... |
| CVE-2017-8739 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles... |
| CVE-2017-8740 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting... |
| CVE-2017-8741 | 2017-09-13 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft... |
| CVE-2017-8742 | 2017-09-13 | A remote code execution vulnerability exists in Microsoft PowerPoint 2007 Service Pack 3, Microsoft PowerPoint 2010 Service Pack 2, Microsoft PowerPoint 2013 Service Pack 1, Microsoft PowerPoint 2013 RT Service... |
| CVE-2017-8743 | 2017-09-13 | A remote code execution vulnerability exists in Microsoft PowerPoint 2016, Microsoft SharePoint Enterprise Server 2016, and Office Online Server when they fail to properly handle objects in memory, aka "PowerPoint... |
| CVE-2017-8744 | 2017-09-13 | A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013... |
| CVE-2017-8745 | 2017-09-13 | An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint server,... |
| CVE-2017-8746 | 2017-09-13 | Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka... |
| CVE-2017-8747 | 2017-09-13 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and... |
| CVE-2017-8748 | 2017-09-13 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows... |
| CVE-2017-8749 | 2017-09-13 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607,... |
| CVE-2017-8750 | 2017-09-13 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows... |
| CVE-2017-8751 | 2017-09-13 | Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in... |
| CVE-2017-8752 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the... |
| CVE-2017-8753 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to... |
| CVE-2017-8754 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to... |
| CVE-2017-8755 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the... |
| CVE-2017-8756 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to... |
| CVE-2017-8757 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to... |
| CVE-2017-8758 | 2017-09-13 | Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability." |
| CVE-2017-14401 | 2017-09-13 | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT UPDATE" section. |
| CVE-2017-14402 | 2017-09-13 | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the user_name parameter to module/admin_user/add_modify_user.php in the "ACCOUNT CREATION" section, related to lack of input validation in include/function.php. |
| CVE-2017-14403 | 2017-09-13 | The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php. |
| CVE-2017-14404 | 2017-09-13 | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring. |
| CVE-2017-14405 | 2017-09-13 | The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. |
| CVE-2017-14406 | 2017-09-13 | A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a segmentation fault and application crash, which leads to... |
| CVE-2017-14407 | 2017-09-13 | A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. |
| CVE-2017-14408 | 2017-09-13 | A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of... |
| CVE-2017-14409 | 2017-09-13 | A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service... |
| CVE-2017-14410 | 2017-09-13 | A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service. |
| CVE-2017-14411 | 2017-09-13 | A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of... |
| CVE-2017-14412 | 2017-09-13 | An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash)... |
| CVE-2017-11350 | 2017-09-13 | Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on Axesstel MU553S MU55XS-V1.14 devices. |
| CVE-2017-11351 | 2017-09-13 | Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account. |
| CVE-2017-13724 | 2017-09-13 | On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page. |
| CVE-2017-14398 | 2017-09-13 | rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064,... |
| CVE-2017-6007 | 2017-09-13 | A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to crash the... |
| CVE-2017-6008 | 2017-09-13 | A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges... |
| CVE-2017-7441 | 2017-09-13 | In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean), a crafted IOCTL with code 0x22E1C0 might lead to kernel data leaks. Because the... |
| CVE-2017-6330 | 2017-09-13 | Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests." |
| CVE-2015-2749 | 2017-09-13 | Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in... |
| CVE-2015-2750 | 2017-09-13 | Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks... |
| CVE-2015-5168 | 2017-09-13 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. |
| CVE-2015-5206 | 2017-09-13 | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. |
| CVE-2015-7880 | 2017-09-13 | The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames. |
| CVE-2017-11462 | 2017-09-13 | Double free vulnerability in MIT Kerberos 5 (aka krb5) allows attackers to have unspecified impact via vectors involving automatic deletion of security contexts on error. |
| CVE-2017-12612 | 2017-09-13 | In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe deserialization of data received by its socket. This makes applications launched programmatically using the launcher API potentially vulnerable to... |
| CVE-2017-14124 | 2017-09-13 | In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the... |
| CVE-2016-8737 | 2017-09-13 | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site request forgery (CSRF), which could permit a malicious web site to produce a link which, if clicked whilst... |
| CVE-2016-8744 | 2017-09-13 | Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the... |
| CVE-2017-3165 | 2017-09-13 | In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to... |