JW Player - playerready Cross-Site Scripting

JW Player - playerready Cross-Site Scripting source: https://www.securityfocus.com/bid/54739/info JW Player is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Novell GroupWise WebAccess User.interface XSS

The version of Novell GroupWise WebAccess hosted on the remote web server has a cross-site scripting vulnerability. This vulnerability is present when files are retrieved by passing a directory traversal string to the User.interface parameter. An attacker could exploit this by tricking a user int...

AVA VoIP - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/54591/info AVA VoIP is prone to multiple security vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context o...

Event Calender PHP - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/54455/info Event Calender PHP is prone to multiple input validation vulnerabilities. Exploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, acce...

web@all - 'name' Cross-Site Scripting

source: https://www.securityfocus.com/bid/54466/info web@all is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Server: Multiple reflected XSS

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via file names to apps/userldap/settings.php url or title parameter to apps/bookmarks/ajax/editBookmark.php tag or page parameter to...

Kajona - getAllPassedParams() Multiple Cross-Site Scripting Vulnerabilities

Kajona - getAllPassedParams Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/54391/info Kajona is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execu...

Microsoft SharePoint CVE-2012-1863 Cross Site Scripting Vulnerability

Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...

Flogr - tag Multiple Cross-Site Scripting Vulnerabilities

Flogr - tag Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/54354/info Flogr is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

YY-BOARD vulnerable to cross-site scripting

Overview YY-BOARD contains a cross-site scripting vulnerability. YY-BOARD is a bulletin-board software. YY-BOARD contains a vulnerability in handling web form entries, which may result in cross-site scripting. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with...

WordPress Plugin church_admin - id Cross-Site Scripting

WordPress Plugin churchadmin - id Cross-Site Scripting source: https://www.securityfocus.com/bid/54329/info The churchadmin plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...

WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting

source: https://www.securityfocus.com/bid/54330/info Knews Multilingual Newsletters for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

WordPress Plugin church_admin - 'id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/54329/info The churchadmin plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

WordPress Plugin SocialFit - 'msg' Cross-Site Scripting

source: https://www.securityfocus.com/bid/54320/info SocialFit plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...

FreeBSD : typo3 -- XSS Vulnerability in TYPO3 Core (c28ee9cd-916e-4dcf-8ed3-e97e5846db6c)

Typo3 Security Report TYPO3-CORE-SA-2012-003 : TYPO3 bundles and uses an external JavaScript and Flash Upload Library called swfupload. TYPO3 can be configured to use this Flash uploader. Input passed via the 'movieName' parameter to swfupload.swf is not properly sanitised before being used in a...

WordPress Plugin PHPFreeChat - 'url' Cross-Site Scripting

source: https://www.securityfocus.com/bid/54332/info PHPFreeChat is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

WordPress Plugin PHPFreeChat - url Cross-Site Scripting

WordPress Plugin PHPFreeChat - url Cross-Site Scripting source: https://www.securityfocus.com/bid/54332/info PHPFreeChat is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Multiple stored XSS - ownCloud

Multiple cross-site scripting XSS vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the calendar displayname to part.choosecalendar.rowfields.php part.choosecalendar.rowfields.shared.php in apps/calendar/templates/ unspecified vectors to...

WordPress Plugin custom tables - key Cross-Site Scripting

WordPress Plugin custom tables - key Cross-Site Scripting source: https://www.securityfocus.com/bid/54326/info WordPress custom tables plugin is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

SWFupload - 'movieName' Cross-Site Scripting

source: https://www.securityfocus.com/bid/54245/info SWFUpload is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...