217 matches found
CVE-2015-2083
Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
CVE-2015-2083
Cross-site request forgery CSRF vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields request to admin.php...
SA-CONTRIB-2015-022 - nodeauthor - Cross Site Scripting (XSS) - Unsupported
This module displays node author information in a jQuery slider. The module doesn't sufficiently sanitize Profile2 fields in a provided block. This vulnerability is mitigated by the fact that an attacker must have a user account allowed to edit profile fields. CVE identifiers issued CVE-2015-3365...
CustomCMS Persistent XSS Vulnerability
No description provided by source. 1 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 vendor URL :http://customcms.net/ Price:55$ Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...
CVE-2007-5564
Multiple cross-site scripting XSS vulnerabilities in NSSboard formerly Simple PHP Forum 6.1 allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags when BBcode is disabled; or the 2 user, 3 email, or 4 Real Name fields in a profile...
CVE-2007-5564
Multiple cross-site scripting XSS vulnerabilities in NSSboard formerly Simple PHP Forum 6.1 allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags when BBcode is disabled; or the 2 user, 3 email, or 4 Real Name fields in a profile...
CVE-2007-4912
Cross-site scripting XSS vulnerability in ipskernel/classajax.php in Invision Power Board IPB or IP.Board 2.3.1 up to 20070912 allows remote attackers to inject arbitrary web script or HTML into user profile fields via unspecified vectors related to character sets other than iso-8859-1 or utf-8...
CVE-2006-7059
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...
CVE-2006-7059
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...
CVE-2006-7023
Multiple cross-site scripting XSS vulnerabilities in fx-APP 0.0.8.1 allow remote attackers to inject arbitrary HTML or web script via 1 the search box, and the 2 url, 3 website, 4 comment, and 5 signature fields in the profile, and possibly 6 a menu item...
CVE-2006-6820
myprofile.asp in Enthrallweb eCoupons does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...
CVE-2006-6821
myprofile.asp in Enthrallweb eNews does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...
CVE-2006-6822
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MMrecordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MMrecordId parameter...
CVE-2006-3327
Cross-site scripting XSS vulnerability in Custom dating biz dating script 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 sn20specialcases parameter "Special Cases" field in profile/mini.php, 2 tyxx01albumname parameter "Album Name" field in profile/photocreate.php, a...
CVE-2006-1810
Multiple cross-site scripting XSS vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the 1 ICQ, 2 AIM, 3 MSN, 4 Google Talk, 5 Website Name, 6 Website Address, 7 Email Address, 8 Location, 9 Signature, and 10 Sub-Titles fields in the user profil...
CVE-2004-1716
Cross-site scripting XSS vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the 1 IRC Server or 2 AIM ID fields in the user profile...
PHPReactor 1.2.7 - Style Attribute HTML Injection
PHPReactor 1.2.7 - Style Attribute HTML Injection source: https://www.securityfocus.com/bid/5569/info phpReactor does not sufficiently sanitize HTML from various fields such as in the body of a message or in profile fields. It is possible to inject arbitrary HTML and script code into these fields...