TGS Content Management 0.3.2r2 - 'login.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30157/info TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script co...

TGS Content Management 0.3.2r2 - index.php Multiple Cross-Site Scripting Vulnerabilities

TGS Content Management 0.3.2r2 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/30157/info TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize...

TGS Content Management 0.3.2r2 - login.php Multiple Cross-Site Scripting Vulnerabilities

TGS Content Management 0.3.2r2 - login.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/30157/info TGS Content Management is prone to an HTML-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize...

Redmine vulnerable to cross-site scripting

Overview Redmine, open source project management software, contains a cross-site scripting vulnerbility. Redmine is open source project management software written by Ruby on Rails framework. Redmine contains a cross-site scripting vulnerability. Toshiharu Sugiyama of UBsecure, Inc. reported this...

FreeStyleWiki cross-site scripting vulnerability

Overview FreeStyleWiki contains a cross-site scripting vulnerability. FreeStyleWiki, one of Wiki clones, contains a cross-site scripting vulnerability. NetAgent Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Cybozu Garoon vulnerable to arbitrary script execution

Overview Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Yoshiki Kawada of LAC Little eArth Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information...

Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability

Description Microsoft Outlook Web Access OWA for Exchange Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

httpd: mod_imagemap XSS

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

FaName 1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30019/info FaName is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

JVN#52363223: Cybozu Garoon vulnerable to arbitrary script execution

Cybozu Garoon, a groupware from Cybozu, contains a vulnerability that allows an attacker to execute an arbitrary script when a user views RSS feed. Impact An arbitrary script could be executed on the user's web browser. Solution Update the Software Apply the latest update provided by the vendor...

Caucho Resin vulnerable to XSS via "file" parameter to "viewfile"

Overview The "viewfile" command provided by Caucho Resin contains a cross-site scripting XSS vulnerability in the "file" parameter. Description Caucho Resin is a Java-based application server. The "viewfile" command that is provided with the Resin documentation is vulnerable to XSS via the "file"...

CVE-2008-2825

CVE-2008-2825 describes a cross-site scripting (XSS) vulnerability in the embedded Web Server of Xerox WorkCentre models M123/M128/133 and WorkCentre Pro 123/128/133. The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Affected component: embedded Web...

Chipmunk Blog - archive.php Cross-Site Scripting

Chipmunk Blog - archive.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities

A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/29912/info A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-includ...

Benja CMS 0.1 - adminadmin_new_submenu.php Cross-Site Scripting

Benja CMS 0.1 - adminadminnewsubmenu.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29884/info The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues...

A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/29912/info A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-include issues, and a cross-site scripting issue. An attacker can exploit these...

PEGames - Multiple Cross-Site Scripting Vulnerabilities

PEGames - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29865/info PEGames is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Benja CMS 0.1 - '/admin/admin_new_submenu.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29884/info The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues, an arbitrary-file-upload issue, and a vulnerability that...

CGIWrap error page cross-site scripting vulnerability

Overview CGIWrap error page is vulnerable to a cross-site scripting. CGIWrap is a gateway program that allows general users to use CGI scripts and HTML forms on the web server. CGIWrap contains a cross-site scripting vulnerability as it does not specify charset in the error page. Hirohisa Yamaguc...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/users.asp in Xigla Absolute Control Panel XE 1.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter and other unspecified parameters. NOTE: some of these details are obtained from third party information...