Cross site scripting

Cross-site scripting XSS vulnerability in Fritz Berger yet another php photo album - next generation yappa-ng allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

CVE-2008-6515

Cross-site scripting XSS vulnerability in Fritz Berger yet another php photo album - next generation yappa-ng allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

Cross site scripting

Cross-site scripting XSS vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

CVE-2008-6500

Cross-site scripting XSS vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

CVE-2008-6500

Cross-site scripting XSS vulnerability in CodeToad ASP Shopping Cart Script allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI...

CVE-2008-6406

Cross-site scripting XSS vulnerability in admin.php in DataLife Engine DLE 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string...

Directory traversal

cgi-bin/welcome/VPNonly in the web interface in Netgear SSL312 allows remote attackers to cause a denial of service device crash via a crafted query string, as demonstrated using directory traversal sequences...

CVE-2008-6200

Multiple cross-site scripting XSS vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via 1 the query string and 2 a new wiki entry...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via 1 the query string and 2 a new wiki entry...

CVE-2008-6200

Multiple cross-site scripting XSS vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via 1 the query string and 2 a new wiki entry...

CVE-2009-0468

Multiple cross-site request forgery CSRF vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that 1 shutdown the server, 2 send ping packets, 3 enable network services, 4 configure a...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that 1 shutdown the server, 2 send ping packets, 3 enable network services, 4 configure a...

phpwind V7. 0 XSS vulnerabilities-vulnerability warning-the black bar safety net

http://site/upload2/admin.php?adminjob=%22%3E%3Cscript%3Ealert%27hiphop%2 7%3C/script%3E ! $REQUESTURI = $SERVER'PHPSELF'.'?'.$ SERVER'QUERYSTRING'; $windversion = '7.0'; $windrepair = "; From the outside any QUERYSTRING didn't do the filter leads to vulnerability ============================== S...

DEBIAN-CVE-2008-5080

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting XSS attacks via the querystring parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714...

PT-2008-6232 · Awstats · Awstats

Name of the Vulnerable Software and Affected Versions: AWStats versions 6.8 and earlier Description: The issue allows remote attackers to conduct cross-site scripting XSS attacks via the query string parameter, due to the incomplete removal of quote characters by awstats.pl. This problem exists...

FreeBSD : flyspray -- multiple vulnerabilities (9d3020e4-a2c4-11dd-a9f9-0030843d3802)

The Flyspray Project reports : Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $SERVER'QUERYSTRING' superglobal, that can be maliciously used to inject arbitrary code into the savesearch JavaScript function. There is an XSS problem in the history tab, t...

CVE-2008-4725

Cross-site scripting XSS vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database aka md.dat, a different vector than CVE-2008-4696. NOTE: some of these...

CVE-2008-4725

Cross-site scripting XSS vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database aka md.dat, a different vector than CVE-2008-4696. NOTE: some of these...

Cross site scripting

Cross-site scripting XSS vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database aka md.dat, a different vector than CVE-2008-4696. NOTE: some of these...

CVE-2008-4725

CVE-2008-4725 describes a Cross-site scripting (XSS) vulnerability in Opera 9.52 related to History Search where query-string data is not properly escaped before storage in md.dat. The issue allows remote attackers to inject scripts via History Search results. Connected sources confirm Opera 9.52...