Jupiter CMS <= 1.1.5 Multiple XSS Attack Vectors

No description provided by source. Jupiter CMS = 1.1.5 multiple XSS attack vectors. Discovered by: Nomenumbra/0x4F4C Date: 3/11/2006 impact:high privilege escalation,site defacement Jupiter CMS http://www.highstrike.net/ is a dynamic CMS system like mambo or limbo, allowing users to subscribe and...

Jupiter CMS 1.1.5 - Multiple Cross-Site Scripting Vulnerabilities

Jupiter CMS , to redirect the user to a page of your choice, to avoid suspicion and disclosure of your cookiestealer's location. This injections would allow an attacker to redirect users to a page of his choice, effectively defacing the page:...

CVE-2006-0389

CVE-2006-0389 describes a cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) on Mac OS X 10.4 through 10.4.5. The flaw allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds, in the context of the affected user’s browser. Affected pro...

CVE-2006-0735

Cross-site scripting XSS vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an 1 img or 2 url BBcode tag...

CVE-2006-0296

CVE-2006-0296 affects Mozilla Suite components including Mozilla/Firefox up to 1.5.0.1 and SeaMonkey up to 1.0. The vulnerability arises in the XULDocument.persist function where the attribute name is not validated, enabling remote attackers to inject RDF data into the user’s localstore.rdf and e...

CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

CVE-2006-0296

The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, and SeaMonkey before 1.0 does not validate the attribute name, which allows remote attackers to execute arbitrary Javascript by injecting RDF data into the user's localstore.rdf file...

CVE-2006-0310

Cross-site scripting XSS vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag...

Ubuntu 4.10 / 5.04 : courier vulnerabilities (USN-201-1)

Several Cross Site Scripting vulnerabilities were discovered in SqWebmail. A remote attacker could exploit this to execute arbitrary JavaScript or other active HTML embeddable content in the web browser of an SqWebmail user by sending specially crafted emails to him. Please note that the...

CVE-2006-0165

Cross-site scripting XSS vulnerability in the DataForm Entries functionality in Plain Black WebGUI before 6.8.4 gamma allows remote attackers to inject arbitrary Javascript via the 1 url and 2 name field of the default email form...

Cross site scripting

Cross-site scripting XSS vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI...

Cross site scripting

Cross-site scripting XSS vulnerability in Foxrum 4.0.4f allows remote attackers to inject arbitrary Javascript via the javascript URI in bbcode url tags in 1 addpost1.php and 2 addtopic1.php...

CVE-2006-0155

Cross-site scripting XSS vulnerability in posts.php in 427BB 2.2 and 2.2.1 allows remote attackers to inject arbitrary Javascript via a new message with a url bbcode tag containing a javascript URI...

namesXSS.txt

names.co.uk is an English registrar and web hosting company. Their frames-based hosting option has an XSS vulnerability allowing injection of arbitrary Javascript. For example: http://www.weddingbiz.co.uk/%22%3E%3Cframe%20src%3D%22javascript%3Aalert%281%29%22%20 According to webhosting.info,...

Horde 3.0 XSS Vulnerability

Horde is prone to multiple cross-site scripting XSS vulnerabilities. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2005-2595

Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...

CVE-2005-2595

Cross-site scripting XSS vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages...

CVE-2004-2174

Cross-site scripting XSS vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter...

CVE-2005-1659

Cross-site scripting XSS vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." triple dot followed by an onmouseover event...

CVE-2005-1592

Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript...