CVE-2008-4725
CVE-2008-4725 describes a Cross-site scripting (XSS) vulnerability in Opera 9.52 related to History Search where query-string data is not properly escaped before storage in md.dat. The issue allows remote attackers to inject scripts via History Search results. Connected sources confirm Opera 9.52...
CVE-2008-4725
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these...
Cross site scripting
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2008-4140
Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2008-4140
CVE-2008-4140 is an XSS vulnerability in Quick.Cart 3.1, exploitable via the query string to admin.php. The issue arises from unsanitized input in the admin.php handling, allowing remote attackers to inject arbitrary web script or HTML. The CVE’s context indicates the vulnerability affects Quick....
CVE-2008-4139
Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string...
PT-2008-5439
Name of the Vulnerable Software and Affected Versions: Quick.Cart version 3.1. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the query string in the admin.php file. Recommendations: For Quick.Cart version...
Fixed in Apache Tomcat 5.5.27
Low: Cross-site scripting (CVE-2008-1232). The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...
CVE-2008-3906
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...
CVE-2008-3906
CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...
CVE-2008-3842
Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a query string containing a "/"...
CVE-2008-3714
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...
DEBIAN-CVE-2008-3714
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php and the (2)...
CVE-2008-3712
Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tinymce/filemanager/connectors/php/connector.php and the (2)...
JBossEAP status servlet info leak
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
Directory traversal
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. d...
CVE-2008-3315
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php...
CVE-2008-3315
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php...
CVE-2007-3650
myWebland myBloggie 2.1.6 allows remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in vario...