7610 matches found
Dojo Toolkit 1.4.1 - '/dijit/tests/_testCommon.js?theme' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38739/info Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
(Multiple Products) - 'banner.swf' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38732/info Multiple products are prone to a cross-site scripting vulnerability because the applications fail to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Dojo Toolkit 1.4.1 - dohrunner.html Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/38739/info Dojo is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues...
Andromeda 1.9.2 - 's' Cross-Site Scripting / Session Fixation
source: https://www.securityfocus.com/bid/38735/info Andromeda is prone to a cross-site scripting vulnerability and a session-fixation vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site a...
[xss] a xss on "threadid" parameter in BBSMAX
I found an XSS on the "threadid" parameter in "post.aspx" in BBSMAX, it's "post.aspx?action=reply&threadid=" Vulnerable: BBSMAX 4.2 BBSMAX 4.1 BBSMAX 3.0 For example: http://bbs.example.com/forum1/post.aspx?action=reply&threadid="scriptalert/liscker/;/script BBSMAX Home Page : http://www.bbsmax.com/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to inject arbitrary web script or HTML via the st parameter...
DDL CMS 2.1 - blacklist.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/38643/info DDL CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
DDL CMS 2.1 - 'blacklist.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38643/info DDL CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
CVE-2009-4677
CVE-2009-4677 is an XSS vulnerability in the search.php of phpFK PHP Forum ohne 7.0.4. The issue allows remote attackers to inject arbitrary web script or HTML via the search parameter. The provided documents confirm the affected product/version and the vulnerable parameter (search). No explicit ...
BBSMAX 3.0 / 4.1 / 4.2 Cross Site Scripting
I found an XSS on the "action" parameter in "post.aspx" in BBSMAX, it's "post.aspx?action=" Vulnerable: BBSMAX 4.2 BBSMAX 4.1 BBSMAX 3.0 For example: http://bbs.example.com/forum1/post.aspx?action=newthread"alert/liscker/ BBSMAX Home Page : http://www.bbsmax.com/ BBSMAX is prone to a cross-site...
Six Apart Vox - search Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/38575/info Six Apart Vox is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Article Friendly - Filename Local File Inclusion
source: https://www.securityfocus.com/bid/38461/info Article Friendly is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensiti...
tDiary plugin tb-send.rb vulnerable to cross-site scripting
tDiary plugin tb-send.rb contains a cross-site scripting vulnerability. tDiary is a weblog software. The developer has confirmed that tDiary 2.3.x are not affected by this vulnerability. Project VEX of UBsecure, Inc...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Webee Comments (comwebeecomment) component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) color, (2) img, or (3) url BBCode tags in unspecified vectors...
vBulletin 4.0.2 Multiple Cross Site Scripting Vulnerabilities
vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
WampServer 2.0i - 'lang' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38357/info WampServer is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Social Web CMS 2 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/38329/info Social Web CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
Social Web CMS 2 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38329/info Social Web CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...
IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection
source: https://www.securityfocus.com/bid/38360/info IBM WebSphere Portal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...
IBM Websphere Portal 6.0.1.5 Build wp6015 - Portlet Palette Search HTML Injection
source: https://www.securityfocus.com/bid/38360/info IBM WebSphere Portal is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An authenticated attacker may leverage...