xt:Commerce 3.04 - 'XTCsid' Session Fixation

source: https://www.securityfocus.com/bid/31313/info xt:Commerce is prone to multiple vulnerabilities, including a session-fixation vulnerability and a cross-site scripting vulnerability. An attacker can leverage the session-fixation issue to hijack a session of an unsuspecting user. The attacker...

Achievo 1.3.2 - 'atknodetype' Cross-Site Scripting

source: https://www.securityfocus.com/bid/31326/info Achievo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

Multiple Tor World CGI scripts vulnerable to arbitrary script execution

Overview Multiple Tor World CGI scripts contain a vulnerability which may allow an arbitrary script execution. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to...

Quick CMS Lite 2.1 - admin.php Cross-Site Scripting

Quick CMS Lite 2.1 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31210/info Quick.Cms.Lite is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script co...

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31152/info Paranews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

Paranews 3.4 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/31152/info Paranews is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...

Nooms 1.1 - smileys.php?page_id Cross-Site Scripting

Nooms 1.1 - smileys.php?pageid Cross-Site Scripting source: https://www.securityfocus.com/bid/31131/info NooMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...

JVN#18616622 Multiple Tor World CGI scripts vulnerable to arbitrary script execution

Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a vulnerability which may allow an attacker to inject an arbitrary script into the web page which is generated by the affected product. This vulnerability is...

Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting

Horde Application Framework 3.2.1 - Forward Slash Insufficient Filtering Cross-Site Scripting source: https://www.securityfocus.com/bid/31107/info Horde Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverag...

Gallery 2.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/31060/info Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via 1 the real name field, related to the user list; 2 the target parameter to login.php, 3 the title parameter to activities/some.php, 4 the companyname parameter to...

FreeBSD Ports: openwebmail

The remote host is missing an update to the system as announced in the referenced advisory. VID c5519420-cec2-11d8-8898-000d6111a684 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

CeleronDude Uploader 6.1 - account.php Cross-Site Scripting

CeleronDude Uploader 6.1 - account.php Cross-Site Scripting source: https://www.securityfocus.com/bid/31010/info Celerondude Uploader is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

Blogn vulnerable to cross-site scripting

Overview Blogn from R-ONE Computer contains a cross-site scripting vulnerability. Blogn from R-ONE Computer is software for creating blogs. Blogn contains a cross-site scripting vulnerability. Masako Ohno of NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the...

Vulnerability in La!cooda WIZ and LacoodaST allowing an arbitrary PHP script execution

Overview La!cooda WIZ and LacoodaST contain a vulnerability which may allow a malicious user to execute an arbitrary PHP script on the server. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ...

La!cooda WIZ and LacoodaST vulnerable to cross-site scripting

Overview La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability. La!cooda WIZ from System Consultants Co., Ltd. and LacoodaST from SpaceTag, Inc. are groupware providing schedule and task managements, etc. La!cooda WIZ and LacoodaST contain a cross-site scripting vulnerability...

IDevSpot BizDirectory 2.04 - 'page' Cross-Site Scripting

source: https://www.securityfocus.com/bid/30980/info IDevSpot BizDirectory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

IDevSpot BizDirectory 2.04 - page Cross-Site Scripting

IDevSpot BizDirectory 2.04 - page Cross-Site Scripting source: https://www.securityfocus.com/bid/30980/info IDevSpot BizDirectory is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary...

GenPortal - 'buscarCat.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/30957/info GenPortal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...

GenPortal - buscarCat.php Cross-Site Scripting

GenPortal - buscarCat.php Cross-Site Scripting source: https://www.securityfocus.com/bid/30957/info GenPortal is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...