888 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3)...
CVE-2008-1972
Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the Allow Registration? configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3)...
CVE-2008-1972
Exponent CMS 0.96.6-GA20071003 and earlier is affected by multiple XSS vulnerabilities in the user account creation feature when Allow Registration is enabled. Remote attackers can inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 2258)
This update brings MozillaFirefox to the security update release 1.5.0.8, including the following security fixes. Full details can be found on: http://www.mozilla.org/projects/security/known-vulnerabilities.html - Is split into 3 sub-entries, for ongoing stability improvements in the Mozilla...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.p...
CVE-2007-2337
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.p...
CVE-2007-2337
CVE-2007-2337 affects Exponent CMS 0.96.6 Alpha and earlier. The issue comprises multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via: (1) the url parameter to magpie_debug.php and magpie_simple.php (external/magpierss/scripts/...
CVE-2007-2253
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php...
Path traversal
Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php...
CVE-2007-2252
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter...
Directory traversal
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter...
CVE-2007-2252
The CVE-2007-2252 entry describes a directory traversal in Exponent CMS, affecting iconspopup.php where the icodir parameter can be exploited with a .. payload to disclose sensitive information. Affected version(s): Exponent CMS 0.96.6 Alpha and earlier. Root cause is improper handling of user-su...
CVE-2007-2253
CVE-2007-2253 affects Exponent CMS 0.96.6 Alpha and earlier. The vulnerability is a path disclosure where remote attackers can obtain path information by directly requesting (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. The connected documents provide these concrete affected...
exponent-multi.txt
Exponent Multiple Vulnerabilities Exponent is a fully-featured, modern CMS written in PHP, that enables non-technical people to manage and update their websites with minimal effort. Exponent is also an attractive development platform for traditional and non-traditional web applications. it's grea...
Exponent CMS 0.96.5/0.96.6 - magpie_debug.php?url Cross-Site Scripting
Exponent CMS 0.96.5/0.96.6 - magpie_debug.php?url Cross-Site Scripting source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow ...
Exponent CMS 0.96.5/0.96.6 - magpie_slashbox.php?rss_url Cross-Site Scripting
Exponent CMS 0.96.5/0.96.6 - magpie_slashbox.php?rss_url Cross-Site Scripting source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could...
Exponent CMS 0.96.5/0.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing
Exponent CMS 0.96.5/0.96.6 - iconspopup.php?icodir Traversal Arbitrary Directory Listing source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these...