780 matches found
CVE-2014-2689
Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php...
CVE-2014-3207
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1...
CVE-2014-2689
Offiria (vendor Slashes & Dots Sdn Bhd) 2.1.0 and earlier is affected by a reflected XSS via PATH_INFO to /installer/index.php. The vulnerability arises from insufficient sanitisation of user-supplied data in the URI, enabling remote script/HTML execution in the victim’s browser. CVSSv2 base scor...
CVE-2014-3207
CVE-2014-3207 is an XSS vulnerability in SKS Keyserver (wserver.ml) exploitable via PATH_INFO to pks/lookup/undefined1, affecting SKS before v1.1.5. Connected documents confirm the affected package SKS (Fedora 19/20) and indicate a vendor fix upgrading to 1.1.5. The Fedora advisories (FEDORA-2014...
CVE-2014-3138
SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3 allows remote authenticated users to execute arbitrary SQL commands via the PATH_INFO to /docushare/dsweb/ResultBackgroundJobMultiple/. NOTE: some of the...
CVE-2014-3138
CVE-2014-3138 describes an SQL injection in Xerox DocuShare. The vulnerability affects DocuShare before 6.53 Patch 6 Hotfix 2, 6.6.1 Update 1 before Hotfix 24, and 6.6.1 Update 2 before Hotfix 3, allowing remote authenticated users to execute arbitrary SQL commands via PATH_INFO to /docushare/dsw...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 Alpha 9 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to privatemessage/new/, (2) the folderid parameter to a private message in privatemessage/view, (3) a fragment indicator to /help, or (4) the vie...
CVE-2013-5951
Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer 2.1.3, when used as a component for Joomla!, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) application.js.php in scripts/ or (2) admin.php, (3) copy_move.php, (4) functions.php, (5) header.php, or (6)...
CVE-2013-5951
CVE-2013-5951 affects eXtplorer (2.1.3) used as a Joomla! component. The vulnerability arises from multiple cross-site scripting (XSS) flaws via PATH_INFO in application.js.php, admin.php, copy_move.php, functions.php, header.php, and upload.php (include/ directory). Consequence: remote attackers...
CVE-2012-6430
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140...
Cross site scripting
Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/...
CVE-2013-2585
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server 6.6.x before 6.6.3 and 7.0.x before 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php/mail/viewmessage/getattachment/folder/INBOX/uniqueId//filenameOriginal/...