Cross site scripting
Cross-site scripting (XSS) vulnerability in the YourAccount module in PHP-Nuke 7.8 might allow remote attackers to inject arbitrary HTML and web script via the ublock parameter, which is saved in the user's personal menu. NOTE: the provenance of this information is unknown; the details are obtaine...
EV0104.txt
New eVuln Advisory: Skull-Splitter's PHP Guestbook XSS Vulnerability http://evuln.com/vulns/104/summary.html --------------------Summary---------------- eVuln ID: EV0104 CVE: CVE-2006-1256 Software: Skull-Splitter's PHP Guestbook Software's Web Site: http://www.boysen.be/ Versions: 2.6 2.7 Critic...
SpeedTouchXSS.txt
TITLE: Thomson SpeedTouch 500 series vulnerable to XSS CRITICAL: Less critical IMPACT: Cross Site Scripting SOFTWARE: SpeedTouch 5.3.2.6.0 DESCRIPTION: There is a vulnerability in the SpeedTouch modems, which can be exploited by malicious people to conduct cross-site scripting attacks, and...
CVE-2006-0857
CVE-2006-0857 is an XSS vulnerability in the Chatbox Plugin 1.0 for e107 0.7.2. The issue allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. Reported impact corresponds to a MEDIUM base score (CVSSv2: 4.3; I: PARTIAL). The connect...
Hummingbird Collaboration - Crafted URL File Property Obscuration Download
source: https://www.securityfocus.com/bid/16195/info Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. The following specific issues were identified: The application reportedly allows remote...
Hummingbird Collaboration - Application Cookie Internal Network Information Disclosure
source: https://www.securityfocus.com/bid/16195/info Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. The following specific issues were identified: The application reportedly allows remote attackers to upload arbitrary HTML files and script code to the application...
Hummingbird Collaboration - Application Cookie Internal Network Information Disclosure
source: https://www.securityfocus.com/bid/16195/info Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. The following specific issues were identified: The application reportedly allows...
Hummingbird Collaboration - Crafted URL File Property Obscuration Download
source: https://www.securityfocus.com/bid/16195/info Hummingbird Enterprise Collaboration is prone to multiple vulnerabilities. The following specific issues were identified: The application reportedly allows remote attackers to upload arbitrary HTML files and script code to the application...
httprint 202.0 - HTTP Response Server Field Overflow Denial of Service
source: https://www.securityfocus.com/bid/16031/info httprint is prone to multiple remote vulnerabilities. The first issue may allow remote attackers to execute arbitrary HTML and script code in a user's browser. The second issue may allow remote attackers to crash an instance of the application...
httprint 202.0 - HTTP Response Server Field Overflow Denial of Service
source: https://www.securityfocus.com/bid/16031/info httprint is prone to multiple remote vulnerabilities. The first issue may allow remote attackers to execute arbitrary HTML and script code in a user's browser. The second...
CVE-2005-3866
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search...
CVE-2002-2166
Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script...
CVE-2005-3633
The CVE-2005-3633 entry describes an HTTP response splitting vulnerability in SAP Web Application Server (WAS) 6.10 through 7.00. The issue affects frameset.htm, allowing remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. The vulnerability’s root cause is improper ha...
phpSysInfo -- "register_globals" emulation layer overwrite vulnerability
A Secunia Advisory reports: Christopher Kunz has reported a vulnerability in phpSysInfo, which can be exploited by malicious people to manipulate certain information. The vulnerability is caused due to an error in the "register_globals" emulation layer where certain arrays used by the system can b...
ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
The remote web server contains an ASP script which is vulnerable to a cross site scripting issue. Description : The remote host appears to be running the ASP-DEV XM Forum. There is a flaw in the remote software which may allow anyone to inject arbitrary HTML and script code through the BBCode IMG...
flyspray -- cross-site scripting vulnerabilities
A Secunia Advisory reports: Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script...
Coppermine Photo Gallery EXIF Data XSS
According to its banner, the version of Coppermine Gallery installed on the remote host is prone to cross-site scripting attacks because it does not sanitize malicious EXIF data stored in image files. Using a specially crafted image file, an attacker can exploit this flaw to cause arbitrary HTML...
CVE-2004-2245
Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php...
CVE-2004-2245
Goollery is affected by multiple XSS in viewalbum.php (via the page parameter) and viewpic.php (via the btopage parameter). The CVE entry documents a reflected XSS vulnerability in Goollery 0.03 that allows remote attackers to inject arbitrary HTML/JS in a user’s browser. OpenVAS/Nessus entries c...
CVE-2004-2242
Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter...