CVE-2004-2261

Cross-site scripting XSS vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the 1 news submit or 2 article submit functions...

CVE-2004-2261

CVE-2004-2261 is an XSS vulnerability in the e107 content management system. The issue allows remote attackers to inject arbitrary script or HTML via the login name/author field in the News Submit or Article Submit functions. The connected sources confirm the vulnerability details but do not prov...

CVE-2004-2279

Cross-site scripting XSS vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php...

Mozilla Thunderbird: Multiple vulnerabilities

Background Mozilla Thunderbird is the next-generation mail client from the Mozilla project. Description The following vulnerabilities were found and fixed in Mozilla Thunderbird: "mozbugra4" and "shutdown" discovered that Thunderbird was improperly cloning base objects MFSA 2005-56. "mozbugra4"...

CVE-2002-2086

Multiple cross-site scripting XSS vulnerabilities in magicHTML of SquirrelMail before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via 1 "script" in unspecified input fields or 2 a javascript: URL in the src attribute of an IMG tag...

Simple Message Board 2.0 beta1 - 'Thread.cfm' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14268/info A cross-site scripting vulnerability affects Simple Message Board. This issue is due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

CVE-2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...

CVE-2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...

CVE-2005-2269

Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as...

WebEOC is vulnerable to cross-site scripting attacks

Overview WebEOC contains multiple cross-site scripting vulnerabilities that may allow a remote attacker to inject and execute arbitrary script using a vulnerable WebEOC site. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate,...

PPA 0.5.6 - 'ppa_root_path' File Inclusion

source: https://www.securityfocus.com/bid/14209/info PPA is susceptible to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary server-side script code on an affect...

AutoIndex PHP Script 1.5.2 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14154/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

Community Server Forums - SearchResults.aspx Cross-Site Scripting

Community Server Forums - SearchResults.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/14078/info Community Server Forums is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker...

Hosting Controller 6.1 - error.asp Cross-Site Scripting

Hosting Controller 6.1 - error.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/14080/info Hosting Controller is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'error.asp' script. A...

ASPNuke 0.80 - 'forgot_password.asp?email' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14062/info ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execute...

Whois.Cart 2.2.x - profile.php Cross-Site Scripting

Whois.Cart 2.2.x - profile.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14044/info Whois.Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...

Whois.Cart 2.2.x - 'profile.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14044/info Whois.Cart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...

CVE-2002-1679

Cross-site scripting XSS vulnerability in Jelsoft vBulletin 2.2.0 allows remote attackers to execute arbitrary script as other users by injecting script into a bulletin board message...

CVE-2002-1683

Cross-site scripting XSS vulnerability in BadBlue Personal Edition 1.7.3 allows remote attackers to execute arbitrary script as other users by injecting script into the cleanSearchString function...

CVE-2002-1702

Cross-site scripting vulnerability XSS in DeltaScripts PHP Classifieds 6.0.5 allows remote attackers to execute arbitrary script as other users via the URL parameter...