Webmedia Explorer 6.13.1 Cross Site Scripting

Vulnerability ID: HTB22661 Reference: http://www.htbridge.ch/advisory/storedxssvulnerabilityinwebmediaexplorer.html Product: Webmedia Explorer Vendor: Marc Salmurri http://www.webmediaexplorer.com/ Vulnerable Version: 6.13.1 and probably prior versions Vendor Notification: 19 October 2010...

Zomplog 3.9 Cross Site Scripting

Vulnerability ID: HTB22642 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzomplog.html Product: Zomplog Vendor: Gerben Schmidt http://www.zomp.nl/zomplog/ Vulnerable Version: 3.9 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS Cross Site...

XSS vulnerability in Zomplog

Vulnerability ID: HTB22644 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinzomplog2.html Product: Zomplog Vendor: Gerben Schmidt http://www.zomp.nl/zomplog/ Vulnerable Version: 3.9 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS Cross Site...

BlogBird Cross Site Scripting

========================================== Vulnerability ID: HTB22646 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinblogbird.html Product: BlogBird Vendor: BlogBird http://www.blogbird.nl/ Vulnerable Version: Current actual version on http://www.blogbird.nl/ Vendor Notification: 13...

NinkoBB 1.3RC5 - Cross-Site Scripting

NinkoBB 1.3RC5 - Cross-Site Scripting Vulnerability ID: HTB22652 Reference: http://www.htbridge.ch/advisory/xssinninkobb.html Product: NinkoBB Vendor: NinkoBB http://ninkobb.com Vulnerable Version: 1.3RC5 and probably prior versions Vendor Notification: 13 October 2010 Vulnerability Type: XSS Cro...

XSS vulnerability in Ronny CMS

Vulnerability ID: HTB22622 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinronnycms.html Product: Ronny CMS Vendor: TO4KA Programming Team http://ronny-cms.ru/ Vulnerable Version: 1.1 r935 and probably prior versions Vendor Notification: 29 September 2010 Vulnerability Type: Stored X...

XSS vulnerability in Ronny CMS

Vulnerability ID: HTB22630 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinronnycms2.html Product: Ronny CMS Vendor: TO4KA Programming Team http://ronny-cms.ru/ Vulnerable Version: 1.1 r935 and probably prior versions Vendor Notification: 29 September 2010 Vulnerability Type: Stored...

XSS vulnerability in Expression CMS

Vulnerability ID: HTB22617 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinexpressioncms.html Product: Expression Vendor: Backbone Technology http://www.backbonetechnology.com Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions Vendor Notification: 22 September 2010...

Lantern CMS Cross Site Scripting

================================== Vulnerability ID: HTB22621 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinlanterncms1.html Product: Lantern CMS Vendor: Lantern http://www.lanterncms.com/www/html/7-home-page.asp Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions...

expression-xss.txt

=================================== Vulnerability ID: HTB22618 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinexpressioncms1.html Product: Expression Vendor: Backbone Technology http://www.backbonetechnology.com Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions...

Pluck 4.6.3 Cross Site Scripting

Vulnerability ID: HTB22610 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinpluck.html Product: Pluck Vendor: Pluck Team http://www.pluck-cms.org Vulnerable Version: 4.6.3 and probably prior versions Vendor Notification: 15 September 2010 Vulnerability Type: XSS Cross Site Scripting...

Horde IMP Webmail 4.3.7 - fetchmailprefs.php HTML Injection

Horde IMP Webmail 4.3.7 - fetchmailprefs.php HTML Injection source: https://www.securityfocus.com/bid/43515/info Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML ...

Persistent XSS Bug on Twitter Exploited by Worm

UPDATE— Within an hour of reports surfacing about a cross-site scripting bug on the Twitter home page, a worm exploiting the bug was released on the site. However, engineers at Twitter have repaired the bug and say that it no longer should be exploitable. The bug appeared Tuesday morning and...

Ecshop2.7.2持久型XSS（可获得管理员帐号）

简要描述： 个人资料修改时，Javascript代码过滤不够严格，XSS代码直接进入数据库 详细说明： 密码保护问题这一项，没有使用正则过滤，其他的的都有正则过滤。我们可以在密码保护问题里输入XSS，但是后台查看会员资料是不显示密码保护问题的，所以这里必须要网站后台添加了新的 “会员注册项”时，后台查看资料就会显示了，此处填入一段引入外部js的代码:" 外部test.js文件内容如下 Ajax.call'privilege.php?act=update','id=1&username=heihei&[email protected]','',"POST","JSON"; 漏洞证明：...

Mollify 1.6 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43262/info Mollify is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary JavaScript code in the browser of an unsuspecting user in the contex...

CVE-2010-2762

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrom...

WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting

Author: Craw Email: [email protected] Software Link: http://wordpress.org/extend/plugins/events-manager-extended/ Version: 3.1.2 Category: webapplications ======================================================= + ExploiT 1 : If you are allowed to leave a comment: Persistent XSS Vulnerability: You...

XSS vulnerability in Rumba CMS tags

Vulnerability ID: HTB22591 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinrumbacms.html Product: Rumba CMS Vendor: Rumba Netware Ltd. http://rumbacms.com Vulnerable Version: 2.4 and Probably Prior Versions Vendor Notification: 18 August 2010 Vulnerability Type: Stored XSS Cross Site...

ArtGK Cross Site Scripting

===================================== Vulnerability ID: HTB22588 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinartgkcms1.html Product: ArtGK CMS Vendor: ArtGK http://artgk-cms.ru/ Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions Vendor Notification: 18 August 201...

XSS vulnerability in CompuCMS

Vulnerability ID: HTB22581 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincompucms1.html Product: CompuCMS Vendor: CompuSoft A/S http://www.compusoft.dk/ Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability Type: XSS...