Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 LogoffMessage parameter to logofflast.aspx or the 2 txtUsername parameter to Default.aspx. NOTE: The provenance of this informatio...

JVN#80271113 MODx cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...

Yahoo! Messenger 8.0 - Notification Message HTML Injection

Yahoo! Messenger 8.0 - Notification Message HTML Injection source: https://www.securityfocus.com/bid/22269/info Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...

lmmhi-xss.txt

Login Manager Multiple HTML Injections Login Manager is a powerful, robust system that enables web administrators to manage website user accounts easily, create membership protected areas, and effortlessly prevent unauthorized user access to secured areas. Login Manager 3 “LM3” uses PHP and MySQL...

paypal-inject.txt

Paypal Subscription Manager allows webmaster easily create subscription web site, visitors can access to digital product instantly after paying through Paypal, PSM provides ability to effortlessly process subscription and protect membership areas. PSM uses PHP and MySQL for fast, efficient,...

JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...

JVN#13939411 Drupal cross-site scripting vulnerability

Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Drupal 4.6.10 and earlier Drupal 4.7.4 and earlier...

DT_Guestbook 1.0 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22078/info The 'dtguestbook' program is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

MediaWiki 1.x - AJAX index.php Cross-Site Scripting

MediaWiki 1.x - AJAX index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...

MediaWiki 1.x - 'AJAX index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...

Adobe Acrobat Reader Plugin 7.0.x - acroreader Cross-Site Scripting

Adobe Acrobat Reader Plugin 7.0.x - acroreader Cross-Site Scripting Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a...

EditTag 1.2 - 'mkpw.pl?plain' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in t...

Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability

Exploit for unknown platform in category remote exploits =================================================================== Adobe Acrobat Reader Plugin = 7.0.x acroreader XSS Vulnerability =================================================================== Stefano Di Paola http://www.wisec.it/...

Adobe Acrobat Reader Plugin 7.0.x - &#039;acroreader&#039; Cross-Site Scripting

Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site. Example: -...

MyServer 0.9.8 - Post.MSCGI Cross-Site Scripting

MyServer 0.9.8 - Post.MSCGI Cross-Site Scripting source: https://www.securityfocus.com/bid/24583/info MyServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...

AShop Deluxe 4.5 - &#039;editcatalogue.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code...

VCard Pro - gbrowse.php Cross-Site Scripting

VCard Pro - gbrowse.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21844/info vCard PRO is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...

Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/21817/info Mobilelib GOLD is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...

Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities

Mobilelib Gold - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/21817/info Mobilelib GOLD is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issue...