670 matches found
CuteNews 1.4.6 - from_date_day Full Path Disclosure
CuteNews 1.4.6 - fromdateday Full Path Disclosure source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues...
CuteNews 1.4.6 - search.php Multiple Cross-Site Scripting Vulnerabilities
CuteNews 1.4.6 - search.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and...
CuteNews 1.4.6 - 'result' Cross-Site Scripting
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CuteNews 1.4.6 - result Cross-Site Scripting
CuteNews 1.4.6 - result Cross-Site Scripting source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note...
CuteNews 1.4.6 - 'from_date_day' Full Path Disclosure
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CuteNews 1.4.6 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CuteNews 1.4.6 - index.php Cross-Site Request Forgery (New User Creation)
CuteNews 1.4.6 - index.php Cross-Site Request Forgery New User Creation source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and...
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CuteNews 1.4.6 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CVE-2009-3719
Cross-site scripting XSS vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment...
Palm WebOS 1.01.1 - Email Arbitrary Script Injection
Palm WebOS 1.01.1 - Email Arbitrary Script Injection source: https://www.securityfocus.com/bid/36592/info Palm WebOS is prone to an arbitrary-script-injection vulnerability because the integrated email application fails to properly sanitize user-supplied input. An attacker can exploit this issue ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the 1 cookuser parameter to index.php and the 2 name parameter to modules.php...
Check Point Connectra R62 - LoginLogin Arbitrary Script Injection
Check Point Connectra R62 - LoginLogin Arbitrary Script Injection source: https://www.securityfocus.com/bid/36466/info Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to...
Check Point Connectra R62 - '/Login/Login' Arbitrary Script Injection
source: https://www.securityfocus.com/bid/36466/info Check Point Connectra is prone to an arbitrary-script-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the context of the webserver...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Stiva Forum 1.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to 1 demo.php and 2 forum.php, and the PATHINFO to 3 includeforum.php...
CVE-2009-2947
Cross-site scripting XSS vulnerability in Xapian Omega before 1.0.16 allows remote attackers to inject arbitrary web script or HTML via unspecified CGI parameter values, which are sometimes included in exception messages...
Cross site scripting
Cross-site scripting XSS vulnerability in CMDREDIRECT in DirectAdmin 1.33.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the URI in a view=advanced request...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the 1 SESSIONhandle parameter to a home.php, b books/allbooks.php, or c books/home.php; or the 2 home parameter to d ihead.php or e inav.php, or f...
CVE-2009-1081
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager IdM 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in login.php in webshell4 in Parallels H-Sphere 3.0.0 P9 and 3.1 P1 allow remote attackers to inject arbitrary web script or HTML via the 1 err, 2 errorcode, and 3 login parameters...