Lucene search
K

450 matches found

NVD
NVD
added 2010/10/13 7:0 p.m.25 views

CVE-2010-3243

Cross-site scripting XSS vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified...

4.3CVSS5.5AI score0.1572EPSS
Exploits0References5
Prion
Prion
added 2010/10/13 7:0 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified...

4.3CVSS6AI score0.1572EPSS
Exploits0References5Affected Software3
CVE
CVE
added 2010/10/13 6:0 p.m.83 views

CVE-2010-3243

CVE-2010-3243 describes an HTML sanitization vulnerability (HTML Sanitization Vulnerability) causing cross-site scripting in Microsoft Internet Explorer 8 and in SharePoint components: Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2. The root cause is improper filtering ...

4.3CVSS7AI score0.1572EPSS
Exploits0References5Affected Software2
Positive Technologies
Positive Technologies
added 2010/10/13 12:0 a.m.5 views

PT-2010-4679 · Microsoft · Internet Explorer +3

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8 Microsoft Windows SharePoint Services versions 3.0 SP2 Microsoft Office SharePoint Server versions 2007 SP2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via...

4.3CVSS6.3AI score0.1572EPSS
Exploits0References11
NVD
NVD
added 2010/09/17 6:0 p.m.32 views

CVE-2010-3324

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scriptin...

4.3CVSS5.1AI score0.25016EPSS
Exploits2References7
Cvelist
Cvelist
added 2010/09/17 5:46 p.m.49 views

CVE-2010-3324

The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scriptin...

7.7AI score0.25016EPSS
Exploits2References7
CVE
CVE
added 2010/09/17 5:46 p.m.92 views

CVE-2010-3324

CVE-2010-3324 describes an IE8/SharePoint CSS @import-based XSS bypass. The connected MSKB MS10-035 documents a broader cumulative security update for Internet Explorer to address IE vulnerabilities (including remote code execution via crafted pages) and provides update guidance. However, the pro...

4.3CVSS7.4AI score0.25016EPSS
Exploits2References7Affected Software6
Exploit DB
Exploit DB
added 2010/08/16 12:0 a.m.24 views

Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass

source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client,...

7AI score
Exploits0
exploitpack
exploitpack
added 2010/08/16 12:0 a.m.14 views

Microsoft Internet Explorer 8 - toStaticHTML() HTML Sanitization Bypass

Microsoft Internet Explorer 8 - toStaticHTML HTML Sanitization Bypass source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can...

7.2AI score
Exploits0
Cvelist
Cvelist
added 2010/04/28 10:0 p.m.21 views

CVE-2010-1585

The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...

9.4AI score0.04471EPSS
Exploits2References9
UbuntuCve
UbuntuCve
added 2009/01/05 8:30 p.m.30 views

CVE-2008-5845

Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...

4.3CVSS6AI score0.0105EPSS
Exploits0References1
Prion
Prion
added 2009/01/05 8:30 p.m.16 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...

4.3CVSS6AI score0.0105EPSS
Exploits0References3Affected Software1
securityvulns
securityvulns
added 2007/04/11 12:0 a.m.70 views

[MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue

MajorSecurity Advisory 43Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue Details ======= Product: @Mail 5.0 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.atmail.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...

Exploits0
securityvulns
securityvulns
added 2006/11/17 12:0 a.m.41 views

[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues

MajorSecurity Advisory 34Plesk 8 - Multiple Cross Site Scripting Issues Details ======= Product: Plesk Affected Version: = 8.0.1 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.swsoft.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by:...

0.1AI score
Exploits0
exploitpack
exploitpack
added 2006/06/07 12:0 a.m.13 views

Open Business Management 1.0.3 pl1 - company_index.php Multiple Cross-Site Scripting Vulnerabilities

Open Business Management 1.0.3 pl1 - companyindex.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code fr...

Exploits0
exploitpack
exploitpack
added 2006/06/07 12:0 a.m.7 views

Open Business Management 1.0.3 pl1 - list_index.php Multiple Cross-Site Scripting Vulnerabilities

Open Business Management 1.0.3 pl1 - listindex.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from...

Exploits0
Exploit DB
Exploit DB
added 2006/06/07 12:0 a.m.25 views

Open Business Management 1.0.3 pl1 - 'list_index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. An attacker could exploit...

7.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2005/04/27 4:0 a.m.21 views

CVE-2005-0085

Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...

6.8CVSS6.2AI score0.02273EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2004/04/15 12:0 a.m.32 views

SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection

source: https://www.securityfocus.com/bid/10154/info It has been reported that Campus Pipeline is prone to a remote email attachment script injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied HTML and script code contained in email...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2003/12/03 12:0 a.m.27 views

Websense Enterprise 4/5 - Blocked Sites Cross-Site Scripting

source: https://www.securityfocus.com/bid/9149/info Websense Enterprise displays error pages for blocked sites without sufficiently sanitizing HTML and script code from the blocked site URI. This could allow for cross-site scripting attacks if a victim user visits a link to a blocked site that...

7.4AI score
Exploits0
Rows per page
Query Builder