Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Glassfish webadmin interface in Sun Java System Application Server 9.101 allow remote attackers to inject arbitrary web script or HTML via the 1 propertyForm:propertyContentPage:propertySheet:propertSectionTextField:jndiProp:JndiNew, 2...

OpenDocMan 1.x - out.php Cross-Site Scripting

OpenDocMan 1.x - out.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29765/info OpenDocMan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...

OpenDocMan 1.x - 'out.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29765/info OpenDocMan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...

vBulletin 3.6.103.7.1 - redirect Cross-Site Scripting

vBulletin 3.6.103.7.1 - redirect Cross-Site Scripting source: https://www.securityfocus.com/bid/29704/info vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

vBulletin 3.6.10/3.7.1 - 'redirect' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29704/info vBulletin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...

PHPEasyData 1.5.4 - '/admin/login.php?Username' SQL Injection

source: https://www.securityfocus.com/bid/29659/info PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the...

Pixelpost cross-site scripting vulnerability

Overview Pixelpost, an open source content management system used for photo albums, etc., contains a cross-site scripting vulnerability. Daiki Fukumori of Secure Sky Technology, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the vendors under Information Security Early Warnin...

Tornado Knowledge Retrieval System 4.2 - 'p' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29626/info Tornado Knowledge Retrieval System is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspectin...

SamTodo 1.1 - completed Cross-Site Scripting

SamTodo 1.1 - completed Cross-Site Scripting source: https://www.securityfocus.com/bid/29569/info SamTodo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...

SamTodo 1.1 - 'tid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29568/info SamTodo is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...

WyMIEN PHP 1.0 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29551/info WyMIEN PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

DotNetNuke 4.8.3 - 'Default.aspx' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29437/info DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...

DotNetNuke 4.8.3 - Default.aspx Cross-Site Scripting

DotNetNuke 4.8.3 - Default.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/29437/info DotNetNuke is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

xerox-xss.txt

XEROX DocuShare URL XSS Injection Vulnerabilities Xerox DocuShare is a flexible Web-based content management solution that brings greater productivity to every knowledge worker. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Xerox DocuShare 6 - dsdn/dsweb/SearchResults URI Cross-Site Scripting

source: https://www.securityfocus.com/bid/29430/info Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the...

Xerox DocuShare 6 - docushare/dsweb/ServicesLib/Group URI Cross-Site Scripting

source: https://www.securityfocus.com/bid/29430/info Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the...

Xerox DocuShare 6 - dsdndswebSearchResults URI Cross-Site Scripting

Xerox DocuShare 6 - dsdndswebSearchResults URI Cross-Site Scripting source: https://www.securityfocus.com/bid/29430/info Xerox DocuShare is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

miniCWB 2.1.1 - connector.php Multiple Cross-Site Scripting Vulnerabilities

miniCWB 2.1.1 - connector.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29368/info miniCWB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...

Horde Multiple Product - 'workweek.php?Timestamp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29365/info Horde Kronolith is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

BMForum 5.6 - 'bsd01footer.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29339/info BMForum is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...