374 matches found
Cloud4Wi Splash Portal Cross-Site Scripting Vulnerability
Cloud4Wi is a suite of customer Wi-Fi service platforms from Cloud4Wi, Inc. in the U.S. Splash Portal is one of the Wi-Fi portals. A cross-site scripting vulnerability exists in Splash Portal in Cloud4Wi versions prior to 5.9.7. A remote attacker can exploit this vulnerability to inject arbitrary...
cargo-ni.co.rs XSS vulnerability
Vulnerable URL: http://www.cargo-ni.co.rs/register.asp?mess=1"...
WordPress Tribulant Slideshow Gallery Plugin Cross-Site Scripting Vulnerability
Tribulant Slideshow Gallery is an application plugin available on the official WordPress Store that provides JavaScript-based sliding photo albums. A cross-site scripting vulnerability exists in the WordPress Tribulant Slideshow Gallery plugin where the Gallerymessage parameter submitted to the...
Wordpress Plugin Single Personal Message SQL Injection Vulnerability
WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A SQL injection vulnerability exists in the message parameter of the admin.php page of the Wordpress plugin Sing...
mimafoto.se XSS vulnerability
Vulnerable URL: http://www.mimafoto.se/sections/prophoto/key.php?message=...
fotofr.se XSS vulnerability
Vulnerable URL: http://www.fotofr.se/sections/prophoto/key.php?message= Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website...
Multiple Cross-Site Scripting Vulnerabilities in TTChat
TTChat is a suite of professional video entertainment software from TigerTom.Com in the UK. TTChat 1.0.4 suffers from multiple cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via the username parameter msg parameter to defaultphp or...
CVE-2014-5458
SQL injection vulnerability in sqrlverify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter...
CVE-2014-4568
Cross-site scripting XSS vulnerability in posts/videowhisper/rlogout.php in the Video Posts Webcam Recorder plugin 1.55.4 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the message parameter...
myBloggie 2.1.2/2.1.3 addcat.php errormsg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17048/info MyBloggie is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
SecurityCenter devform.php message Parameter XSS
The version of Tenable Network Security SecurityCenter installed on the remote host contains the 'devform.php' script. This PHP script is affected by a cross-site scripting vulnerability because the application does not properly validate user-supplied input to the 'message' parameter. An attacker...
PT-2013-5746 · Videowhisper · Videowhisper Live Streaming Integration
Name of the Vulnerable Software and Affected Versions: VideoWhisper Live Streaming Integration plugin versions 4.25.3 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the name or message parameter in the ls/htmlchat.php file. This can lead to...
CVE-2013-4098
The CVE-2013-4098 entry concerns DS3 Authentication Server, where ServerAdmin/ErrorViewer.jsp accepts a message parameter that can be used to inject arbitrary error-page text. The public descriptions (NVD, Red Hat, CVE record) repeat this flaw, and an OpenVAS plugin notes DS3 has multiple vulnera...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in php ireport 1.0 allow remote attackers to inject arbitrary web script or HTML via the message parameter to 1 messagesviewer.php, 2 home.php, or 3 history.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the 1 visitorlanguage parameter to register.php or 2 message parameter...
CVE-2009-4939
Multiple cross-site scripting XSS vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the 1 uid parameter, 2 uid parameter in a loginlookup action, 3 uid parameter in an adminlogin action, 4 campaignid parameter in a createcampaign actio...
CVE-2010-2355
The CVE-2010-2355 entry describes a Cross-site scripting (XSS) vulnerability in error.php of Pilot Group (PG) eLMS Pro. The flaw allows remote attackers to inject arbitrary web script or HTML via the message parameter, potentially affecting any user who views the compromised page. The NVD details...
CVE-2010-0706
Cross-site scripting XSS vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter...
CVE-2010-0706
Cross-site scripting XSS vulnerability in the login/prompt component in Subex Nikira Fraud Management System allows remote attackers to inject arbitrary web script or HTML via the message parameter...
PT-2009-5538 · Freewebscriptz · Freewebscriptz Honest Traffic
Name of the Vulnerable Software and Affected Versions: FreeWebScriptz Honest Traffic FWSHT versions 1.x Description: The issue is related to a cross-site scripting XSS vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the msg parameter in the...