Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting
source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplied input. Successful exploitation o...
CVE-2004-0678
Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter...
CVE-2004-0660
Cross-site scripting (XSS) vulnerability in (1) showarchives.php, (2) shownews.php, and possibly other PHP files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter...
CVE-2004-0663
CVE-2004-0663 affects PowerPortal 1.x, where a cross-site scripting (XSS) flaw exists in modules.php. The vulnerability enables injection of arbitrary script or HTML via (1) id in the private_messages module, (2) search in the links and content modules, and (3) files in the gallery module. These ...
CVE-2004-0606
Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request...
CVE-2004-0584
CVE-2004-0584 refers to an input validation vulnerability in Horde IMP 3.2.3 and earlier that can allow remote attackers to inject script via HTML or script in email messages, potentially triggering a cross-site scripting (XSS) condition. Affected software: Horde IMP 3.2.3 and ear...
CVE-2004-1969
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as JavaScript...
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting
Fusionphp Fusion News 3.6.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based...
ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting
source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting
phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due...
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities
phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. Thes...
WebCT Campus Edition 3.84.x - HTML Injection
WebCT Campus Edition 3.84.x - HTML Injection source: https://www.securityfocus.com/bid/9999/info It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecti...
Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting
Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
CVE-2004-0314
Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter...
CVE-2004-0337
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...
CVE-2004-0337
The CVE-2004-0337 entry documents a cross-site scripting vulnerability in LAN SUITE Web Mail 602Pro. An attacker could craft a URL to index.html with a trailing slash and script payload to execute arbitrary script/HTML as another user. The vendor notes the bug could not be reproduced, leaving unc...
CVE-2004-0248
CVE-2004-0248 describes a cross-site scripting (XSS) vulnerability in PHPX 3.2.3. The issue allows remote attackers to run arbitrary script as another user by injecting HTML or script into three inputs: the keywords argument of main.inc.php, the body argument of help.inc.php, or the subject field...
CVE-2004-0319
CVE-2004-0319 concerns a cross-site scripting (XSS) vulnerability in ezBoard 7.3u. The underlying issue is within the font tag handling, where attacker-controlled content can be injected via background:url used in a (1) font color or (2) font face argument, allowing remote execution of...