417 matches found
Viscacha 0.8 Gold Cross Site Scripting
Viscacha 0.8 Gold persistant XSS vulnerability Found By: mrme Download: http://www.viscacha.org/ Tested On: Windows Vista Note: For educational purposes only POC Info: A regular user of the board can embed javascript code that could be executed within the context of the admin's browser. If the us...
PacketVideo Twonky Server 4.4.175.0.65 - Cross-Site Scripting HTML Injection
PacketVideo Twonky Server 4.4.175.0.65 - Cross-Site Scripting HTML Injection source: https://www.securityfocus.com/bid/41929/info Twonky Server is prone to a cross-site scripting vulnerability and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input...
IBM Tivoli Identity Manager 5.0.5 - User Profile HTML Injection
source: https://www.securityfocus.com/bid/36293/info IBM Tivoli Identity Manager is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in...
Multi Website 1.5 - search HTML Injection
Multi Website 1.5 - search HTML Injection source: https://www.securityfocus.com/bid/43245/info Multi Website is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...
Curverider Elgg 1.0 - Templates HTML Injection
source: https://www.securityfocus.com/bid/43871/info Elgg is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Exploits require the attacker be an authenticated user; this permission may be trivial ...
Google Chrome XSS Vulnerability
The host is installed with Google Chrome and is prone to XSS vulnerability. OpenVAS Vulnerability Test $Id: gbgooglechromexssvuln.nasl 4869 2016-12-29 11:01:45Z teissa $ Google Chrome XSS Vulnerability Authors: Nikita MR Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.ne...
ExpressionEngine 1.6 - Avtaar Name HTML Injection
source: https://www.securityfocus.com/bid/34193/info ExpressionEngine is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the contex...
MagpieRSS 0.72 - CDATA HTML Injection
MagpieRSS 0.72 - CDATA HTML Injection source: https://www.securityfocus.com/bid/33044/info MagpieRSS is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...
vBulletin 3.7.1 - admincpfaq.php?Injection adminlog.php Cross-Site Scripting
vBulletin 3.7.1 - admincpfaq.php?Injection adminlog.php Cross-Site Scripting source: https://www.securityfocus.com/bid/30134/info vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated...
ScrewTurn Software ScrewTurn Wiki 2.0.x - 'System Log' Page HTML Injection
source: https://www.securityfocus.com/bid/30429/info ScrewTurn Wiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context ...
security flaw
Cross-site scripting XSS vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the 1 addEventListener or 2 setTimeout function, probably by setting events that activate after the context...
Fizzle 0.5 - RSS Feed HTML Injection
source: https://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the...
KDPics 1.111.16 - index.php3?categories Cross-Site Scripting
KDPics 1.111.16 - index.php3?categories Cross-Site Scripting source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied...
KDPics 1.111.16 - galeries.inc.php3?categories Cross-Site Scripting
KDPics 1.111.16 - galeries.inc.php3?categories Cross-Site Scripting source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize...
KDPics 1.11/1.16 - 'index.php3?categories' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21515/info KDPics is prone to multiple input-validation vulnerabilities, including cross-site scripting and remote file-include issues, because the application fails to sanitize user-supplied input. A successful exploit may allow unauthorized users to vie...
Baby Katie Media VSReal and VScal 1.0 - myslideshow.php?title Cross-Site Scripting
Baby Katie Media VSReal and VScal 1.0 - myslideshow.php?title Cross-Site Scripting source: https://www.securityfocus.com/bid/18350/info vsREAL and vSCAL are prone to multiple cross-site scripting vulnerabilities. These issues are due to the applications' failure to properly sanitize user-supplied...
SquirrelMail: Cross-site scripting and IMAP command injection
Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP protocols. Description SquirrelMail does not validate the rightframe parameter in webmail.php, possibly allowing frame replacement or cross-site scripting CVE-2006-0188. Martijn Brinkers and Scott Hughes...