780 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS 2008.1 revision 2204 allows remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO or the (2) option, (3) Itemid, (4) id, (5) task, (6) bid, and (7) contactid parameters. NOTE: the error might be located in...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA70135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgotpassword.html...
mod_perl PerlRun denial of service
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
SQL injection
Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to visit.php, or the PATH_INFO to the default URI under (2) report/, (3) addreview/, or (4) refer/...
CVE-2008-3566
Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. NOTE: the provenance of this information is unknown; the details are...
CVE-2008-3566
CVE-2008-3566 describes a cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7. The issue allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI, (2) index.php, or (3) the PATH_INFO to index.php. The available documents con...
CVE-2008-3184
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.10 PL2 and earlier, and 3.7.2 and earlier 3.7.x versions, allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO (PHP_SELF) or (2) the do parameter, as demonstrated by requests to upload/admincp/faq.php. NOTE:...
CVE-2008-2987
Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admineditsubmenu.php, (2) adminnewsubmenu.php, and (3) adminedittopmenu.php in admin/...
CVE-2008-2783
Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware, Groupware Webmail Edition, and Kronolith allow remote attackers to inject arbitrary web script or HTML via the timestamp parameter to (1) week.php, (2) workweek.php, and (3) day.php; and (4) the horde parameter in the PATH_INFO to the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to...
CVE-2008-2561
Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to...
CVE-2008-2561
The CVE-2008-2561 entry documents multiple cross-site scripting (XSS) vulnerabilities in 427BB version 2.3.1. The flaws allow remote attackers to inject arbitrary script/HTML via these vectors: PATH_INFO to register.php, reminder.php, and search.php; the uname, email, and email2 parameters to reg...
CVE-2008-2496
Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php, (2) login.php, and (3) credits.php in admin/, and (4) upgrade/index.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web Application Server (WAS) 7.0, Web Dynpro for ABAP (aka WD4A or WDA), and Web Dynpro for BSP allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI under bc/gui/sap/its/webgui/...
CVE-2008-2146
wp-includes/vars.php in WordPress before 2.2.3 does not properly extract the current path from the PATH_INFO ($PHP_SELF), which allows remote attackers to bypass intended access restrictions for certain pages...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/b/contentFiles/gBselectorContents.php,...
CVE-2008-1556
Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) system/actionspages/b/contentFiles/gBImageViewer.php, (2) ForEditor parameter to (b) system/actionspages/b/contentFiles/gBselectorContents.php,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system...
CVE-2008-1347
Multiple cross-site scripting (XSS) vulnerabilities in staticpages/easygallery/index.php in MyioSoft EasyGallery 5.0tr and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the q parameter in an about action to the help system...