3566 matches found
CVE-2006-2880
Cross-site scripting XSS vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the 1 url and 2 author fields...
AlstraSoft E-Friends - XSS
AlstraSoft E-Friends - XSS Homepage: http://www.alstrasoft.com/ Description: Alstrasoft E-friends allows you to run a community site like MySpace and Friendster. Effected files or areas of site: index.php The input forms on the following items belowdo not properlly filter out all potential harmfu...
CVE-2006-2564
Multiple cross-site scripting XSS vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by 1 posting a blog, 2 posting a listing, 3 posting an event, 4 adding comments, or 5 sending a message...
CVE-2006-2390
Cross-site scripting XSS vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...
Cross site scripting
Cross-site scripting XSS vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...
CVE-2006-2390
The set of connected documents confirms a cross-site scripting (XSS) vulnerability in OZJournals 1.2, exploitable via the vname parameter in the comments functionality. The CVSSv2 base score is 5.8 (Medium), with network access required and no user interaction needed, and impact described as part...
CVE-2006-2290
Multiple cross-site scripting XSS vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 email, and 3 url parameter...
CVE-2006-2290
Multiple cross-site scripting XSS vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 email, and 3 url parameter...
CVE-2006-2290
CVE-2006-2290 describes multiple cross-site scripting (XSS) vulnerabilities in kommentar.php of the 2005-Comments-Script. The issue allows remote attackers to inject arbitrary web script or HTML via the 1) id, 2) email, and 3) url parameters. According to NVD, the CVSS v2 base score is 6.8 (Mediu...
[SA19996] 2005-Comments-Script Multiple Vulnerabilities
TITLE: 2005-Comments-Script Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19996 VERIFY ADVISORY: http://secunia.com/advisories/19996/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: 2005-Comments-Script http://secunia.com/product/9778/ DESCRIPTION: Some...
neo-Advisory-20.txt
/ --------------------------------------------------------------- Neo Security Team NST® Advisory 20 --------------------------------------------------------------- Program : CuteNews 1.4.1 Homepage: http://www.cutephp.com Vulnerable Versions: CuteNews 1.4.1 & lower ones Risk: Medium! Impact: Cro...
CVE-2006-2232
Cross-site scripting XSS vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...
Cross site scripting
Cross-site scripting XSS vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...
CVE-2006-2232
Cross-site scripting XSS vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...
security flaw
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...
Sql injection
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 tid parameter in a preview.php; the 2 cid, 3 pid, and 4 eid parameters in b archive.php; and the 5 pid parameter in c comments.php...
CVE-2006-1842
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 NAME and 2 COMMENTS parameters...
ShoutBOOK <= 1.1 XSS
==================== Discovered by: Qex Date: 16 April 2006 ==================== Write a message: Name: XSS Location: optional Website: optional Comments: XSS...
CVE-2006-1437
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
Design/Logic Flaw
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...