7610 matches found
CVE-2007-1991
Cross-site scripting XSS vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927...
TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23452/info TuMusika Evolution is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
DotClear 1.2.x - '/ecrire/trackback.php?post_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
DotClear 1.2.x - '/tools/thememng/index.php?tool_url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
DotClear 1.2.x - ecriretrackback.php?post_id Cross-Site Scripting
DotClear 1.2.x - ecriretrackback.php?postid Cross-Site Scripting source: https://www.securityfocus.com/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
Einfacher Passworschutz - index.php Cross-Site Scripting
Einfacher Passworschutz - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/23395/info Einfacher Passworschutz is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
PHPwebnews 0.1 - index.php Cross-Site Scripting
PHPwebnews 0.1 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/23448/info The 'phpwebnews' package is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
Livor 2.5 - index.php Cross-Site Scripting
Livor 2.5 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/23353/info Livor is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in th...
Livor 2.5 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23353/info Livor is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Atlassian JIRA 3.4.2 - IssueNavigator.JSPA Cross-Site Scripting
source: https://www.securityfocus.com/bid/23244/info Atlassian JIRA is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
JVN#62399483 Overlay Weaver cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected Overlay Weaver 0.5.9 - 0.5.11 For more information, refer to the vendor's website...
Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting
source: https://www.securityfocus.com/bid/23141/info Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user...
CVE-2007-1609
Cross-site scripting XSS vulnerability in servlet/Spy in Dynamic Monitoring Services DMS in Oracle Application Server OAS 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563...
JVN#64227086 NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability
Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu. Arbitrary files on client PCs could be accessed by an attacker. Solution Products Affected NewsGlue 1.3.3 and earlier Ikinari Jijyoutsuu version 1.0.0 and 1.0.1...
PHPX 3.5.153.5.16 - print.php SQL Injection
PHPX 3.5.153.5.16 - print.php SQL Injection source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This...
PHPX 3.5.153.5.16 - users.php SQL Injection
PHPX 3.5.153.5.16 - users.php SQL Injection source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
JVN#83832818: Interstage Application Server cross-site scripting vulnerability
Impact An arbitrary script may be executed on the user's web browser. Solution Products Affected A wide range of products is affected. For more information, refer to the vendor's website...
Oracle Portal 10g - 'P_OldURL' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22999/info Oracle Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
JVN#91706484 Trac cross-site scripting vulnerability
Impact A remote attacker could possibly execute an arbitrary script on the user's IE where the user views a Trac wiki content. Solution Products Affected trac 0.10.3 and earlier versions trac-0.10.3-ja-1 and earlier versions...