450 matches found
CVE-2010-3243
Cross-site scripting XSS vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified...
Cross site scripting
Cross-site scripting XSS vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified...
CVE-2010-3243
CVE-2010-3243 describes an HTML sanitization vulnerability (HTML Sanitization Vulnerability) causing cross-site scripting in Microsoft Internet Explorer 8 and in SharePoint components: Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2. The root cause is improper filtering ...
PT-2010-4679 · Microsoft · Internet Explorer +3
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 8 Microsoft Windows SharePoint Services versions 3.0 SP2 Microsoft Office SharePoint Server versions 2007 SP2 Description: The issue allows remote attackers to inject arbitrary web script or HTML via...
CVE-2010-3324
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scriptin...
CVE-2010-3324
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scriptin...
CVE-2010-3324
CVE-2010-3324 describes an IE8/SharePoint CSS @import-based XSS bypass. The connected MSKB MS10-035 documents a broader cumulative security update for Internet Explorer to address IE vulnerabilities (including remote code execution via crafted pages) and provides update guidance. However, the pro...
Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass
source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client,...
Microsoft Internet Explorer 8 - toStaticHTML() HTML Sanitization Bypass
Microsoft Internet Explorer 8 - toStaticHTML HTML Sanitization Bypass source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can...
CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remot...
CVE-2008-5845
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Six Apart Movable Type MT before 4.23 allow remote attackers to inject arbitrary web script or HTML via a 1 MTEntryAuthorUsername, 2 MTAuthorDisplayName, 3 MTEntryAuthorDisplayName, or 4 MTCommenterName field in a Profile View template; a 5...
[MajorSecurity Advisory #43]Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue
MajorSecurity Advisory 43Calacode ATMail 5.0 - Cross Site Scripting and Cookie Manipulation Issue Details ======= Product: @Mail 5.0 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.atmail.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered b...
[MajorSecurity Advisory #34]Plesk 8 - Multiple Cross Site Scripting Issues
MajorSecurity Advisory 34Plesk 8 - Multiple Cross Site Scripting Issues Details ======= Product: Plesk Affected Version: = 8.0.1 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.swsoft.com/ Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by:...
Open Business Management 1.0.3 pl1 - company_index.php Multiple Cross-Site Scripting Vulnerabilities
Open Business Management 1.0.3 pl1 - companyindex.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code fr...
Open Business Management 1.0.3 pl1 - list_index.php Multiple Cross-Site Scripting Vulnerabilities
Open Business Management 1.0.3 pl1 - listindex.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from...
Open Business Management 1.0.3 pl1 - 'list_index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/18348/info Open Business Management is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize HTML and script code from user-supplied input to several parameters before returning to the user. An attacker could exploit...
CVE-2005-0085
Cross-site scripting XSS vulnerability in ht://dig htdig before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message...
SCT Campus Pipeline 1.0/2.x/3.x - Email Attachment Script Injection
source: https://www.securityfocus.com/bid/10154/info It has been reported that Campus Pipeline is prone to a remote email attachment script injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied HTML and script code contained in email...
Websense Enterprise 4/5 - Blocked Sites Cross-Site Scripting
source: https://www.securityfocus.com/bid/9149/info Websense Enterprise displays error pages for blocked sites without sufficiently sanitizing HTML and script code from the blocked site URI. This could allow for cross-site scripting attacks if a victim user visits a link to a blocked site that...