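CodeIgniter 'CI_Security' Class 'xss_clean()' Filter Security Bypass Vulnerability
Bugtraq ID: 50847 CVE ID: CVE-2011-4025 CodeIgniter is an application development framework and toolkit for PHP website developers. EllisLab ExpressionEngine and CodeIgniter, which rely on the xssclean filter for XSS protection, contain a cross-site scripting vulnerability that allows attackers to carry out session hijacking, information disclosure, malware installation and other attacks. The removeevilattributes function of the CISecurity class and the xssclean implementation are flawed: the internal XSS filter can be bypassed, allowing successful XSS attacks against products that use EllisLab ExpressionEngine and CodeIgniter....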
ExpressionEngine 2.2.2 / CodeIgniter 2.0.3 Cross Site Scripting
CVE: CVE-2011-4025 Vendor: EllisLab Products: ExpressionEngine 2.2.2, CodeIgniter 2.0.3 Vulnerabilities: xssclean filter bypass, leading to Cross-Site Scripting XSS Risk: High Attack Vector: From Remote Reference: http://secureappdev.blogspot.com/2011/11/ellislab-xssclean-filter-bypass.html 1...
Vulnerabilities in many themes for ExpressionEngine
Hello 3APA3A! I am informing you of Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities that I found in many themes for ExpressionEngine. The following themes for ExpressionEngine are vulnerable: Fresh News, Inspire, City Guide, Delegate, Optimize,...
ExpressionEngine CMS Cross Site Scripting Vulnerability
This host is running ExpressionEngine CMS and is prone to Cross Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbexpressionenginexssvuln.nasl 4865 2016-12-28 16:16:43Z teissa $ ExpressionEngine CMS Cross Site Scripting Vulnerability Authors: Sujit Ghosal Copyright: Copyright c 2009...
CVE-2009-1070
Cross-site scripting XSS vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter...
CVE-2009-1070
CVE-2009-1070 affects ExpressionEngine CMS. The vulnerability is a Cross-Site Scripting (XSS) in system/index.php, exploitable via the avatar parameter, affecting ExpressionEngine 1.6.4 through 1.6.6 (and possibly earlier versions). The available connected documents confirm the vulnerability vect...
CVE-2009-1070
Cross-site scripting XSS vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter...
ExpressionEngine Cross Site Scripting
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-003 - ExpressionEngine Persistent Cross-Site Scripting Application: ExpressionEngine 1.6.4 possibly earlier-1.6.6 Vendor: EllisLab, INC Vendor website: http://www.expressionengine.com Author: Adam Baldwin...
ExpressionEngine Persistent Cross-Site Scripting
nGenuity Information Services - Security Advisory Advisory ID: NGENUITY-2009-003 - ExpressionEngine Persistent Cross-Site Scripting Application: ExpressionEngine 1.6.4 possibly earlier-1.6.6 Vendor: EllisLab, INC Vendor website: http://www.expressionengine.com http://www.transparent-tech.com/...
ExpressionEngine 1.6 - Avtaar Name HTML Injection
ExpressionEngine 1.6 - Avtaar Name HTML Injection source: https://www.securityfocus.com/bid/34193/info ExpressionEngine is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...
ExpressionEngine 1.6 - Avtaar Name HTML Injection
source: https://www.securityfocus.com/bid/34193/info ExpressionEngine is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the contex...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. PHP-Nuke: Cross-site scripting. ExpressionEngine: Cross-site scripting...
Cross-Site Scripting vulnerability in ExpressionEngine
Hello 3APA3A! I am informing you of a Cross-Site Scripting vulnerability that I found in the ExpressionEngine system. XSS: The vulnerability is in the index.php script, in the URL parameter, if the meta-refresh redirector is enabled. http://site/index.php?URL=223E3Cscript3Ealertdocument.cookie3C/script3E Vulnerable version...
pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities
pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27282/info pMachine Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execut...
pMachinePro-241-xss.txt
[email protected] found: pMachine Pro 2.4.1 Cross Site Scripting Vulnerability http://pmachinepro.com/ Vulnerable: site/path/pm/language/spanish/preferences.php Variables: LPREFGROUPS100 LPREFGROUPS110 LPREFNAME810 LPREFNAME850 etc PoC:...
pMachine Pro 2.4.1 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27282/info pMachine Pro is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in t...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameter...
Crlf injection
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter...
CVE-2008-0202
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter...