7610 matches found
ExpressionEngine 1.2.1 - HTTP Response Splitting / Cross-Site Scripting
source: https://www.securityfocus.com/bid/27128/info ExpressionEngine is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...
Rotabanner Local 2/3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27138/info Rotabanner Local is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
LiveCart 1.0.1 - return Cross-Site Scripting (2)
source: https://www.securityfocus.com/bid/27087/info LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code ...
LiveCart 1.0.1 - 'return' Cross-Site Scripting (2)
source: https://www.securityfocus.com/bid/27087/info LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
MilliScripts - dir.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/27078/info MilliScripts is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
MilliScripts - 'dir.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27078/info MilliScripts is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
Makale Scripti - Cross-Site Scripting
source: https://www.securityfocus.com/bid/27067/info Makale Scripti is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...
Makale Scripti - Cross-Site Scripting
source: https://www.securityfocus.com/bid/27067/info Makale Scripti is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser...
NetBizCity FaqMasterFlexPlus - 'faq.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27051/info FaqMasterFlexPlus is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Limbo CMS 1.0.4 - com_option Cross-Site Scripting
source: https://www.securityfocus.com/bid/27027/info Limbo CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Mambo 4.6.2 - index.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26922/info Mambo is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
Adobe Flash Player 8.0.34.0/9.0.x - 'main.swf?baseurl' asfunction: Protocol Handler Cross-Site Scripting
source: https://www.securityfocus.com/bid/26949/info Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
Adobe Flash Player 8.0.34.0/9.0.x - 'main.swf?baseurl' asfunction: Protocol Handler Cross-Site Scripting
source: https://www.securityfocus.com/bid/26949/info Adobe Flash Player is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An...
CVE-2007-6405
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is...
CVE-2007-6367
Multiple cross-site scripting (XSS) vulnerabilities in the guestbook in SineCMS 2.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username (user) or (2) comment (commento) field, different vectors than CVE-2007-2357...
JVN#50342989 Multiple Cybozu products vulnerable to cross-site scripting
Multiple Cybozu products are vulnerable to cross-site scripting. This vulnerability is different from JVN90712589. Impact: An arbitrary script can be executed on the user's web browser. Solution: Update the Software. Apply the latest updates provided by the vendor. Products Affected: Cybozu Office 6....
JVN#77730435 Multiple Cybozu products vulnerable to HTTP header injection
Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers. Impact: A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser. Solution: Update the Software. For more...
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
source: https://www.securityfocus.com/bid/26788/info The G/PGP encryption plugin for SquirrelMail is prone to an input-validation vulnerability and an access-validation vulnerability. Attackers can exploit these issues to inject arbitrary script code into public key data or to delete and overwrit...
SquirrelMail G/PGP Encryption Plugin 2.0/2.1 - Access Validation / Input Validation
source: https://www.securityfocus.com/bid/26788/info The G/PGP encryption plugin for SquirrelMail is prone to an input-validation vulnerability and an access-validation vulnerability. Attackers can exploit these issue...
webSPELL 4.1.2 - 'calendar.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...