249 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via (1) the year parameter to modules/kalender.php, (2) the Page parameter in a List action to modules/ereignis.php, (3) the Kontext parameter in a Search action to...
Cross site scripting
Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC System MTCMS WYSIWYG Editor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Re: Re: Google Chrome Browser (ChromeHTML://) remote parameter injection POC
Try this: chromehtml:"20--renderer-path="calc"20--no-sandbox Disabling sandbox does matter : Tested with Google Chrome Chrome 1.0.154.46 on Win XP/Vista and IE6/IE7 and it works ... Full PoC: htmlheadtitleChrome URI Handler Remote Command Execution PoC/title/head body h3This is a test/h3 iframe...
GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service
source: https://www.securityfocus.com/bid/29961/info GNOME Evolution is prone to a denial-of-service vulnerability when handling email messages that contain specially crafted HTML. Successful attacks will crash the application. Evolution 2.22.2 is vulnerable; other versions may also be affected...
Cross site scripting
Cross-site scripting (XSS) vulnerability in SonicWall Email Security 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the Host header in a request to a non-existent web page, which is not properly sanitized in an error page...
CVE-2008-1326
Gallarific is affected by a Cross-site Scripting (XSS) vulnerability in search.php, exploitable via the query parameter to inject arbitrary web script/HTML. This is the explicit vulnerability described across multiple sources (including OpenVAS and NVD entries). The connected documents do not pro...
CVE-2007-5582
Cross-site scripting (XSS) vulnerability in the login page in Cisco CiscoWorks Server (CS), possibly 2.6 and earlier, when using CiscoWorks Common Services 3.0.x and 3.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-4836
Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action...
HTML files generated with Javadoc are vulnerable to a XSS
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
LinkedIn Toolbar 3.0.2.1098 - Remote Buffer Overflow
In God We Trust, VDA Labs, LLC function repeatn,c retval=""; for i=0;i milw0rm.com 2007-07-24...
CVE-2007-3503
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
fizzle-access.txt
Fizzle allows feeds to use HTML in feed data resulting in JavaScript being run in the chrome: window with chrome permissions. The extension will convert HTML entities back to their ASCII equivalents thus for formatting to lose their layout I told him it would be too difficult to sanitize the data...
CVE-2007-1159
CVE-2007-1159 describes a cross-site scripting (XSS) vulnerability in the Pyrophobia web application, specifically in the file modules/out.php for version 2.1.3.1. The flaw allows remote attackers to inject arbitrary web script or HTML by manipulating the id parameter. The entry notes the provena...
BO-BLOG vulnerability to submit 1 sentence horse tool[html]-vulnerability warning-the black bar safety net
Belongs to type: Web Apps. The following procedures (methods) may be offensive, for security research and teaching purposes. At your own risk! Code ! DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" HTMLHEADTITLEThe Csript For The "? php eval$POSTcmd?& gt;" /TITLE META...
Microsoft Internet Explorer 7 - MHTML Denial of Service
source: https://www.securityfocus.com/bid/20875/info Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs when Internet Explorer attempts to parse certain malformed HTML content. Successfully exploiting this issue will cause the affected application to cras...
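Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability (MS06-013)
Microsoft Internet Explorer is a very popular web browser released by Microsoft. Internet Explorer has a vulnerability when processing specially crafted invalid HTML. An attacker can create a malicious web page, and if a user visits that page, memory corruption results. An attacker who successfully exploits this vulnerability can take complete control of the affected system. Microsoft Internet Explorer 5.0 Microsoft Internet Explorer 6.0 - Microsoft Windows XP SP2 - Microsoft Windows Server 2003 SP1...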
CVE-2006-5063
Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote attackers to inject arbitrary web script or HTML by editing log entries in HTML mode...
Moderate: Red Hat Security Advisory: squirrelmail security update
An updated squirrelmail package that fixes three security and many other bug issues is now available. This update contains bug fixes of upstream squirrelmail 1.4.6 with some additional improvements to international language support. This update has been rated as having moderate security impact by...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation...
CVE-2006-0063
CVE-2006-0063 affects phpBB 2.0.19, where enabling “Allowed HTML tags” permits cross-site scripting by injecting arbitrary script or HTML via a permitted tag using a single quote character and active attributes such as onmouseover; this is a variant of CVE-2005-4357. The available connected docum...