7612 matches found
CVE-2003-1277
CVE-2003-1277 describes cross-site scripting (XSS) in YaBB 1.5.0. The vulnerability allows remote attackers to execute arbitrary scripts as other users and potentially steal authentication information via cookies by injecting HTML/script into (1) news_icon of news_template.php and (2) threadid an...
CVE-2003-1278
Cross-site scripting vulnerability XSS in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags...
PT-2005-4395 · Ekinboard · Ekinboard
Name of the Vulnerable Software and Affected Versions: Ekinboard version 1.0.3 Description: The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting XSS attacks. This is possible via the id parameter in the "profile.php" endpoint and the...
Zoomblog HTML Injection Vulnerability
DESCRIPTION Zoomblog is prone to HTML injection attacks. It is possible for a malicious Zoomblog user to inject hostile HTML and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of Zoomblog. Zoomblog does not adequate...
XMB Forum 1.9.3 - 'u2u.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15342/info XMB is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
phpinfoXSS.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [email protected] schrieb: PoC: phpinfo.php?GLOBALStest=alertdocument.cookie; ...or just use phpinfo.php?=alertdocument.cookie; Saves some typing. In contrary to the above, this one only works on IE tested 6 on XP SP2 & Konqueror tested 3.4.2, though...
CVE-2005-3430
Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as 1 .unk, 2 .asa, and possibly 3 .htr and 4 .aspx, which are not filtered like the .asp extension...
Simple PHP Blog 0.4 - colors.php Multiple Cross-Site Scripting Vulnerabilities
Simple PHP Blog 0.4 - colors.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
Simple PHP Blog 0.4 - preview_cgi.php Multiple Cross-Site Scripting Vulnerabilities
Simple PHP Blog 0.4 - previewcgi.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
VUBB - index.php Cross-Site Scripting
VUBB - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15260/info VUBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...
Snitz Forum 2000 - post.asp Cross-Site Scripting
Snitz Forum 2000 - post.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/15241/info Snitz Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to ha...
PBLang 4.65 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15223/info PBLang is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...
FlatNuke 2.5.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15176/info FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of ...
Chipmunk Directory - 'recommend.php?entryID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Xerver 4.17 Server - URI Null Character Cross-Site Scripting
Xerver 4.17 Server - URI Null Character Cross-Site Scripting source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a...
Xerver 4.17 - Forced Directory Listing
Xerver 4.17 - Forced Directory Listing source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to...
Oracle 9 - XML DB Cross-Site Scripting
Oracle 9 - XML DB Cross-Site Scripting source: https://www.securityfocus.com/bid/15034/info Oracle XML DB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Aenovo - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...
Security Bypass Vulnerability with Ruby
The Ruby language has a security mechanism security model that can restrict operations on untrusted objects. This security model is based on mechanisms called "object taint" and "safe level." A vulnerability has been confirmed that allows arbitrary script execution by bypassing the "safe level"...
CubeCart 3.0.3 - 'cart.php?redir' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14962/info CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execut...