780 matches found
CVE-2010-1515
Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword or (2) article-id parameter in conjunction with a /admin/news/article/list PATH_INFO; the (3) keyword parameter in conjunction...
CVE-2010-2260
Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design Bandwidth Meter, 0.72 and possibly 1.2, allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) view_by_name.php or (2) view_by_ip.php in admin/. NOTE: some sources report that the affected product is ShaPlus...
CVE-2010-2260
CVE-2010-2260 affects Gambit Design Bandwidth Meter (versions 0.72 and possibly 1.2). The vulnerability is listed as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via PATH_INFO to admin/view_by_name.php or admin/view_by_ip.php. The av...
CVE-2010-1994
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATH_INFO...
CVE-2010-1994
TomatoCMS is affected by a SQL injection in the /news/search handler. The vulnerability is triggered via the q parameter (e.g., q=) and creates injectable SQL in conjunction with the PATH_INFO /news/search. Affects TomatoCMS prior to 2.0.5; 2.0.5 fixes the issue, with the vulnerability reappearin...
CVE-2009-4861
Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4861
CVE-2009-4861: A cross-site scripting (XSS) vulnerability in SupportPRO SupportDesk 3.0’s shownews.php allows injecting arbitrary script/HTML via PATH_INFO. Affected component is the shownews.php handling in SupportDesk 3.0; root cause is unvalidated PATH_INFO input leading to script injection. ...
CVE-2010-1357
Cross-site scripting (XSS) vulnerability in editors/logindialogue.php in SBD Directory Software 4.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4714
Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS Celepar allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to cadastrousuario.php...
CVE-2009-4699
Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin/auth.php and (2) fileuploader.php...
CVE-2010-0941
Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems Hit Counter 2.0 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) inc/login.php, (3) admin/index.php, and (4) admin/forgot.php...
CVE-2009-4678
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2009-4678
Winn Guestbook 2.4 is affected by a cross-site scripting (XSS) vulnerability in index.php, exploitable via PATH_INFO to inject arbitrary web script or HTML. The provided documents identify the vulnerable component as Winn Guestbook 2.4 (index.php) and the exploit vector PATH_INFO but do not inclu...
CVE-2010-0636
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar 1.2.0, and other versions before 1.2.5, allow remote attackers to inject arbitrary web script or HTML via the (1) tab parameter to users.php and the PATH_INFO to (2) day.php, (3) month.php, and (4) week.php. NOTE: some of these details are...