7602 matches found

exploitpack
added 2005/05/26 12:0 a.m., 9 views

BookReview 1.0 - suggest_category.htm?node Cross-Site Scripting

BookReview 1.0 - suggest_category.htm?node Cross-Site Scripting source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

Exploits 0
exploitpack
added 2005/05/26 12:0 a.m., 10 views

BookReview 1.0 - add_classification.htm?isbn Cross-Site Scripting

BookReview 1.0 - add_classification.htm?isbn Cross-Site Scripting source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker ma...

0.1 AI score
Exploits 0
Exploit DB
added 2005/05/26 12:0 a.m., 19 views

BookReview 1.0 - 'suggest_review.htm?node' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...

7.4 AI score
Exploits 0
Exploit DB
added 2005/05/26 12:0 a.m., 21 views

BookReview 1.0 - 'add_url.htm?node' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...

7 AI score
Exploits 0
Tenable Nessus
added 2005/05/20 12:0 a.m., 28 views

Groove Virtual Office / Workspace Multiple Vulnerabilities

According to the remote registry, the version of Groove Virtual Office or Groove Workspace on the remote host suffers from multiple vulnerabilities. Some of these flaws may allow for arbitrary script execution, disclosure of sensitive information, and denial of service, all from remote users. C...

7.5 CVSS, 5.7 AI score, 0.04254 EPSS
Exploits 0, References 4
Cvelist
added 2005/05/19 4:0 a.m., 14 views

CVE-2002-1662

Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration...

6.3 AI score, 0.00855 EPSS
Exploits 0, References 4
UbuntuCve
added 2005/05/16 4:0 a.m., 21 views

CVE-2005-1193

The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: UR...

7.5 CVSS, 6.2 AI score, 0.33947 EPSS
Exploits 0, References 1
CVE
added 2005/05/16 4:0 a.m., 60 views

CVE-2005-1193

The CVE-2005-1193 vulnerability affects phpBB up to version 2.0.14 (before 2.0.15). The bbencode_second_pass and make_clickable functions in bbcode.php fail to filter BBCode URLs, allowing remote attackers to execute arbitrary script via URL schemes such as javascript:, applet:, about:, activex:,...

7.5 CVSS, 7.4 AI score, 0.33947 EPSS
Exploits 0, References 11, Affected Software 1
Tenable Nessus
added 2005/05/16 12:0 a.m., 20 views

Skull-Splitter Guestbook Multiple Field XSS

The remote version of this software is vulnerable to cross-site scripting attacks. Inserting special characters into the subject or message content can cause arbitrary script code execution for third-party users, thus resulting in a loss of integrity of their system. This scri...

4.3 CVSS, 6.3 AI score, 0.00926 EPSS
Exploits 0, References 1
NVD
added 2005/05/11 4:0 a.m., 10 views

CVE-2005-1498

Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) catid, (3) monthno, or (4) postid parameter in index.php, which are not properly sanitized before they are displayed in...

4.3 CVSS, 5.8 AI score, 0.04969 EPSS
Exploits 1, References 5
Cvelist
added 2005/05/10 4:0 a.m., 9 views

CVE-2004-1969

The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...

7.2 AI score, 0.01075 EPSS
Exploits 0, References 5
CVE
added 2005/05/10 4:0 a.m., 31 views

CVE-2004-1818

CVE-2004-1818 describes a cross-site scripting (XSS) vulnerability in the nmimage.php script of 4nalbum 0.92 running on PHP-Nuke 6.5–7.0. Attackers can inject arbitrary script via the z parameter to execute code in the context of other users. The provided documents do not specify exploit details,...

6.8 CVSS, 6.7 AI score, 0.0053 EPSS
Exploits 1, References 5
CVE
added 2005/05/10 4:0 a.m., 35 views

CVE-2004-1969

The CVE-2004-1969 entry concerns Open Bulletin Board (OpenBB)

7.5 CVSS, 7.5 AI score, 0.01075 EPSS
Exploits 0, References 5
exploitpack
added 2005/05/05 12:0 a.m., 10 views

MidiCart PHP - Item_List.php?SecondGroup Cross-Site Scripting

MidiCart PHP - Item_List.php?SecondGroup Cross-Site Scripting source: https://www.securityfocus.com/bid/13517/info MidiCart PHP is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage thi...

6.8 AI score
Exploits 0
Cvelist
added 2005/05/04 4:0 a.m., 22 views

CVE-2005-1337

Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scripts with less restrictive privileges via a help:// URI...

6.8 AI score, 0.00554 EPSS
Exploits 0, References 2
Exploit DB
added 2005/05/04 12:0 a.m., 25 views

FishCart 3.1 - 'display.php?nlst' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues could allow an attacker to compromise...

7.4 AI score
Exploits 0
NVD
added 2005/05/02 4:0 a.m., 11 views

CVE-2005-1191

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when t...

5 CVSS, 7.1 AI score, 0.2557 EPSS
Exploits 1, References 7
Exploit DB
added 2005/04/28 12:0 a.m., 23 views

Just William's Amazon Webstore - 'Closeup.php?Image' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13419/info Amazon Webstore is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

7 AI score
Exploits 0
Exploit DB
added 2005/04/23 12:0 a.m., 22 views

CartWIZ 1.10 - 'Access.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13338/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of a...

7 AI score
Exploits 0
Exploit DB
added 2005/04/23 12:0 a.m., 26 views

CartWIZ 1.10 - 'searchresults.asp' Name Argument Cross-Site Scripting

source: https://www.securityfocus.com/bid/13343/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of a...

7.4 AI score
Exploits 0