7610 matches found
CVE-2009-3114
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer's Local Machine Zone via a crafted feed, aka SPR RGAU7RDJ9K...
KingCMS 0.6 - 'CONFIG[AdminPath]' Remote File Inclusion
source: https://www.securityfocus.com/bid/42924/info KingCMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the...
Omnistar Recruiting - resume_register.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/43163/info Omnistar Recruiting is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AOM Software Beex 3 allow remote attackers to inject arbitrary web script or HTML via the navaction parameter to (1) news.php and (2) partneralle.php...
Apache Tomcat 3.2 - 404 Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/37149/info Apache Tomcat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
Webformatique Reservation Manager 2.4 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/43003/info Webformatique Reservation Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage thi...
Beex - partneralle.php?navaction Cross-Site Scripting
source: https://www.securityfocus.com/bid/42451/info Beex is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script co...
PHPMass Real Estate - view_map.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/42452/info PHPMass Real Estate is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...
Property Watch - email.php?videoid Cross-Site Scripting
source: https://www.securityfocus.com/bid/42453/info Property Watch is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitra...
LiveStreet 0.2 - includeajaxblogInfo.php?asd Cross-Site Scripting
source: https://www.securityfocus.com/bid/42422/info LiveStreet is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...
LiveStreet 0.2 - '/include/ajax/blogInfo.php?asd' Cross-Site Scripting
source: https://www.securityfocus.com/bid/42422/info LiveStreet is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage the issues to execute arbitrary script code in the browser of an...
WebStatCaffe - statpageviewerschart.php?date Cross-Site Scripting
source: https://www.securityfocus.com/bid/43339/info Gonafish WebStatCaffe is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues t...
WebStatCaffe - '/stat/referer.php?date' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43339/info Gonafish WebStatCaffe is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
x10 MP3 Automatic Search Engine 1.6.5 - includesvideo_ad.php?pic_id Cross-Site Scripting
source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...
WebStatCaffe - statmostvisitpagechart.php?nopagesmost Cross-Site Scripting
source: https://www.securityfocus.com/bid/43339/info Gonafish WebStatCaffe is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these...
x10 MP3 Automatic Search Engine 1.6.5b - embed.php?name Cross-Site Scripting
source: https://www.securityfocus.com/bid/43336/info x10 Media Automatic MP3 Search Engine is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...
ViewVC Cross Site Scripting and Unspecified Security Vulnerabilities
ViewVC is prone to these security vulnerabilities: - A cross-site scripting vulnerability. - An unspecified security vulnerability that may allow attackers to print illegal parameter names and values. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
JCE-Tech SearchFeed Script - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/44266/info JCE-Tech SearchFeed Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...
DigiOz Guestbook 1.7.2 - 'search.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/44237/info DigiOz Guestbook is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
JCE-Tech PHP Video Script - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/44269/info JCE-Tech PHP Video Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...