Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may...

Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain security-bypass vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to execute arbitrary script code in another browser window's security zone. This may allow...

EEB-CMS 0.95 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31732/info EEB-CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

CVE-2008-4537

Cross-site scripting XSS vulnerability in EC-CUBE Ver1 1.4.6 and earlier, Ver1 Beta 1.5.0-beta and earlier, Ver2 2.1.2a and earlier, Ver2 BetaRC 2.1.1-beta and earlier, Community Edition 1.3.4 and earlier, and Community Edition Nightly-Build r17336 and earlier allows remote attackers to inject...

CVE-2008-2236

Cross-site scripting XSS vulnerability in blosxom.cgi in Blosxom before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the flav parameter flavour variable. NOTE: some of these details are obtained from third party information...

EC-CUBE cross-site scripting vulnerability

Overview EC-CUBE provided by LOCKON CO.,LTD. contains a cross-site scripting vulnerability. EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, a...

JVN#26621646 EC-CUBE cross-site scripting vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN36085487, and JVN99916563. Impact An arbitrary script could be executed on the user's web browser...

JVN#99916563 EC-CUBE cross-site scripting vulnerability

EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different from JVN61543834, JVN26621646, and JVN36085487. Impact An arbitrary script could be executed on the user's web browser...

WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities

WikyBlog 1.7.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31525/info WikyBlog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

CAcert - analyse.php Cross-Site Scripting

CAcert - analyse.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31481/info CAcert is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser ...

WordPress MU 1.2/1.3 - '/wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/31482/info WordPress MU is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

Lyrics Script - 'search_results.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31437/info Lyrics Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Lyrics Script - search_results.php Cross-Site Scripting

Lyrics Script - searchresults.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31437/info Lyrics Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script...

Recipe Script - 'search.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31442/info Recipe Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

OpenNMS 1.5.x - filter Cross-Site Scripting

OpenNMS 1.5.x - filter Cross-Site Scripting source: https://www.securityfocus.com/bid/31410/info OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in t...

OpenNMS 1.5.x - 'j_username' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31410/info OpenNMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Flatpress 0.804 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/31407/info FlatPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Gentoo Security Advisory GLSA 200510-24 (Mantis)

The remote host is missing updates announced in advisory GLSA 200510-24. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Datalife Engine CMS 7.2 - 'admin.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31335/info Datalife Engine CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...

xt:Commerce 3.04 - 'advanced_search_result.php?keywords' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31313/info xt:Commerce is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability. An attacker can leverage the session-fixation issue to hijack a session of an unsuspecting user. The attacker...