RSSOwl vulnerable to arbitrary script execution
Overview: RSSOwl is vulnerable to arbitrary script execution. RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
Sybase EAServer vulnerable to cross-site scripting
Overview: EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#77947437: RSSOwl vulnerable to arbitrary script execution
RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version...
Authentication flaw
GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) modrewrite.php, (2) commentwriteok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary...
Ruubikcms 1.1.x - Cross-Site Scripting Information Disclosure Directory Traversal
Ruubikcms 1.1.x - Cross-Site Scripting Information Disclosure Directory Traversal source: https://www.securityfocus.com/bid/53655/info RuubikCMS is prone to multiple cross-site-scripting vulnerabilities, multiple information-disclosure vulnerabilities, and directory-traversal vulnerability...
pragmaMx 1.12.1 - includeswysiwygspaweditorpluginsimgpopupimg_popup.php?img_url Cross-Site Scripting
pragmaMx 1.12.1 - includeswysiwygspaweditorpluginsimgpopupimgpopup.php?imgurl Cross-Site Scripting source: https://www.securityfocus.com/bid/53669/info PragmaMX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may...
Yandex.Server 2010 9.0 - text Cross-Site Scripting
Yandex.Server 2010 9.0 - text Cross-Site Scripting source: https://www.securityfocus.com/bid/53622/info Yandex.Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code...
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53648/info phAlbum is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
multimedia macro allows execution of arbitrary scripts
The multimedia macro in Confluence embeds an SWF without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded user-submitted SWF to execute arbitrary JavaScript on the page, constituting an XSS vulnerability. The multimedia tag is bundled in with the base product and not an...
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53598/info PHP Address Book is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53598/info PHP Address Book is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...
Unijimpe Captcha - captchademo.php Cross-Site Scripting
Unijimpe Captcha - captchademo.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53585/info The Unijimpe Captcha is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Unijimpe Captcha - 'captchademo.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53585/info The Unijimpe Captcha is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53575/info backupDB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin LeagueManager 3.7 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53525/info LeagueManager plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attack...
WordPress Plugin Track That Stat 1.0.8 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/53551/info The Track That Stat plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin iFrame Admin Pages 0.1 - 'main_page.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53522/info The iFrame Admin Pages plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
WordPress Plugin PDF Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53519/info PDF & Print Button Joliprint plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize...
WordPress Plugin Soundcloud Is Gold 2.1 - width Cross-Site Scripting
WordPress Plugin Soundcloud Is Gold 2.1 - width Cross-Site Scripting source: https://www.securityfocus.com/bid/53537/info The Soundcloud Is Gold plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...
Symantec Web Gateway timer.php XSS (SYM12-006)
The remote web server is hosting a version of Symantec Web Gateway that is vulnerable to cross-site scripting attacks. Input to the 'l' parameter of timer.php is not properly sanitized. An attacker could exploit this by tricking a user into making a malicious request, resulting in arbitrary scrip...