Cross-site Scripting (XSS) - Stored in zikula/core

Description Stored XSS in Blocks Module when Create new block with Block type ZikulaBlocksModule/Xslt Proof of Concept POST /blocks/admin/block/edit/8 HTTP/2 Host: demo.ziku.la Cookie: zsid=5idn7q9udrp7mgirikmdlep45d User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0 Gecko/20100101...

PostNuke 0.75/0.76 Blocks Module Directory Traversal Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13636/info PostNuke Blocks module is affected by a directory traversal vulnerability. The problem presents itself when an attacker passes a name for a target file, along with directory traversal sequences, to the affected...

CVE-2010-0370

Cross-site scripting XSS vulnerability in the Node Blocks module 5.x-1.1 and earlier, and 6.x-1.3 and earlier, a module for Drupal, allows remote authenticated users, with permissions to create or edit content and administer blocks, to inject arbitrary web script or HTML via the edit-title...

PT-2005-3706 · Maxdev · Maxdev Md-Pro

Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...

CVE-2005-1698

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to 1 theme.php or 2 Xanthia.php in the Xanthia module, 3 user.php, 4 thelang.php, 5 text.php, 6 html.php, 7 menu.php, 8 finclude.php, or 9 button.php in the pnblocks directory in the Blocks...

PT-2005-2673 · Postnuke · Postnuke

Name of the Vulnerable Software and Affected Versions: PostNuke versions 0.750 through 0.760RC3 Description: The issue allows remote attackers to obtain sensitive information via direct requests to various files, including theme.php and Xanthia.php in the Xanthia module, multiple files in the...

CVE-2005-1608

The CVE-2005-1608 entry concerns the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke. Multiple unspecified vulnerabilities affect the Blocks component, with exposure described as potentially allowing a remote attacker to gain unauthorized access to the remote host. Affected produc...

PostNuke 0.750.76 Blocks Module - Directory Traversal

PostNuke 0.750.76 Blocks Module - Directory Traversal source: https://www.securityfocus.com/bid/13636/info PostNuke Blocks module is affected by a directory traversal vulnerability. The problem presents itself when an attacker passes a name for a target file, along with directory traversal...