NTSOFT BBS E-Market Professional - Multiple Cross-Site Scripting Vulnerabilities (2)
source: https://www.securityfocus.com/bid/41401/info NTSOFT BBS E-Market Professional is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Orbis CMS 1.0.2 - editor-body.php Cross-Site Scripting
Orbis CMS 1.0.2 - editor-body.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41390/info Orbis CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
Orbis CMS 1.0.2 - 'editor-body.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41390/info Orbis CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Flatnux 2010-06.09 - find Cross-Site Scripting
Flatnux 2010-06.09 - find Cross-Site Scripting source: https://www.securityfocus.com/bid/41282/info Flatnux is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...
Microsoft SharePoint Services Help.aspx 'cid0' Parameter XSS
The version of Microsoft SharePoint Services running on the remote host has a cross-site scripting vulnerability. Input sent to the 'cid0' parameter of '/layouts/help.aspx' is not properly sanitized. A remote attacker could exploit this by tricking a user into making a malicious request, resultin...
Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection
Kryn.cms 6.0 - Cross-Site Request Forgery HTML Injection source: https://www.securityfocus.com/bid/41229/info Kryn.cms is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain administrative...
TornadoStore 1.4.3 - SQL Injection HTML Injection
TornadoStore 1.4.3 - SQL Injection HTML Injection source: https://www.securityfocus.com/bid/41233/info TornadoStore is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues t...
Kryn.cms 6.0 - Cross-Site Request Forgery / HTML Injection
source: https://www.securityfocus.com/bid/41229/info Kryn.cms is prone to a cross-site request-forgery vulnerability and an HTML-injection vulnerability. Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected...
Ceica-GW - login.php Cross-Site Scripting
Ceica-GW - login.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40917/info Ceica-GW is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser o...
Cross site scripting
Cross-site scripting (XSS) vulnerability in adminloginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request...
Limny 2.1 - 'q' Cross-Site Scripting
source: https://www.securityfocus.com/bid/41152/info Limny is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site request-forgery issues. Attackers can exploit these issues to obtain sensiti...
Anodyne SIMM Management System (SMS) <= 2.6.10 LFI Vulnerability
Anodyne SIMM Management System (SMS) is prone to a local file inclusion (LFI) vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities
SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/41043/info SoftComplex PHP Event Calendar is prone to multiple remote security vulnerabilities including cross-site scripting, HTML-injection, directory-traversal, and cross-site...
PithCMS <= 0.9.5 LFI Vulnerability - Active Check
PithCMS is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting
IBM Websphere ILOG JRules 6.7 - Cross-Site Scripting source: https://www.securityfocus.com/bid/41030/info IBM WebSphere ILOG JRules is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
osCMax 2.0 - articles.php Cross-Site Scripting
osCMax 2.0 - articles.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40998/info osCmax is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...
Sigmer Technologies Scribe CMS - copy_folder.php Cross-Site Scripting
Sigmer Technologies Scribe CMS - copy_folder.php Cross-Site Scripting source: https://www.securityfocus.com/bid/41000/info Sigmer Technologies Scribe CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may...
CVE-2010-2281
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) bannerid parameter in conjunction with a /admin/ad/banner/list PATH_INFO; and allow remote authenticated users, with certain...
CVE-2010-2265
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE:...