797 matches found

securityvulns
added 2013/01/10 12:0 a.m., 81 views

Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart

Advisory ID: HTB23135 Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Versions: Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification: December 19, 2012 Vendor Patch: December 20, 2012 Public Disclosure: January 9,...

CVSS 4.3, AI score 6.1, EPSS 0.10931
Exploits: 3

htbridge
added 2012/12/19 12:0 a.m., 35 views

Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart

High-Tech Bridge Security Research Lab discovered XSS vulnerability in Quick.Cms and Quick.Cart - two products developed by OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...

CVSS 4.3, AI score 5.4, EPSS 0.10931
Exploits: 3, Affected Software: 1

Tenable Nessus
added 2012/08/01 12:0 a.m., 23 views

Scientific Linux Security Update : firefox on SL5.x, SL4.x i386/x86_64

A cross-site scripting flaw was found in the way Firefox handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running Firefox. CVE-2007-5947 Several flaws were found in the way Firefox processed certain...

CVSS 9.3, AI score 8.2, EPSS 0.13311
Exploits: 1, References: 4

Tenable Nessus
added 2012/08/01 12:0 a.m., 26 views

Scientific Linux Security Update : seamonkey on SL4.x, SL3.x i386/x86_64

A cross-site scripting flaw was found in the way SeaMonkey handled the jar: URI scheme. It was possible for a malicious website to leverage this flaw and conduct a cross-site scripting attack against a user running SeaMonkey. CVE-2007-5947 Several flaws were found in the way SeaMonkey processed...

CVSS 9.3, AI score 8.2, EPSS 0.13311
Exploits: 1, References: 4

NVD
added 2012/07/31 10:45 a.m., 14 views

CVE-2012-3848

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3)...

CVSS 4.3, AI score 5.7, EPSS 0.00656
Exploits: 3, References: 2

Prion
added 2012/07/31 10:45 a.m., 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3)...

CVSS 4.3, AI score 6.1, EPSS 0.00656
Exploits: 3, References: 2, Affected Software: 1

securityvulns
added 2012/07/23 12:0 a.m., 21 views

DomsHttpd DoS

Crash on Referer: header processing...

AI score 0.6
Exploits: 0, References: 1, Affected Software: 1

ATTACKERKB
added 2012/01/29 11:55 a.m., 1 views

CVE-2011-5073

Multiple cross-site scripting (XSS) vulnerabilities in Support Incident Tracker (aka SiT!) before 3.65 allow remote attackers to inject arbitrary web script or HTML via the (1) mode parameter to contactsupport.php; (2) contractid parameter to contractaddservice.php; (3) user parameter to editbackupusers.ph...

CVSS 4.3, AI score 5.4, EPSS 0.00424
Exploits: 1, References: 5

Prion
added 2011/12/24 7:55 p.m., 18 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...

CVSS 4.3, AI score 6.1, EPSS 0.01132
Exploits: 0, References: 26, Affected Software: 1

Cvelist
added 2011/12/24 7:0 p.m., 28 views

CVE-2011-3835

Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) themename parameter to themesettings.php, (5) extensionname parameter ...

AI score 5.8, EPSS 0.01132
Exploits: 0, References: 26

Positive Technologies
added 2011/11/28 12:0 a.m., 2 views

PT-2011-4990 · WordPress · Seo Redirection Plugin

Name of the Vulnerable Software and Affected Versions: Redirection plugin version 2.2.9 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities are located in the view/admin/log item.php and view/admin/log item details.php files of the Redirection...

CVSS 4.3, AI score 6.4, EPSS 0.004
Exploits: 1, References: 12

Exploit DB
added 2011/10/03 12:0 a.m., 23 views

Netvolution 2.5.8 - 'referer' Header SQL Injection

source: https://www.securityfocus.com/bid/49918/info Netvolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify...

AI score 7.4
Exploits: 0

exploitpack
added 2011/10/03 12:0 a.m., 11 views

Netvolution 2.5.8 - referer Header SQL Injection

Netvolution 2.5.8 - referer Header SQL Injection source: https://www.securityfocus.com/bid/49918/info Netvolution is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker ...

AI score 0.6
Exploits: 0

NVD
added 2011/02/23 1:0 a.m., 17 views

CVE-2011-1062

Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to printlist.php;...

CVSS 4.3, AI score 5.8, EPSS 0.01166
Exploits: 2, References: 6

Exploit DB
added 2011/02/12 12:0 a.m., 17 views

TaskFreak! 0.6.4 - 'rss.php' HTTP Referer Header Cross-Site Scripting

source: https://www.securityfocus.com/bid/46350/info TaskFreak! is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

AI score 7.4
Exploits: 0

OpenVAS
added 2010/07/12 12:0 a.m., 49 views

Splunk 'Referer' Header Cross-Site Scripting Vulnerability

This host is running Splunk and is prone to Cross-Site Scripting vulnerability. OpenVAS Vulnerability Test $Id: gbsplunkxssvuln.nasl 5373 2017-02-20 16:27:48Z teissa $ Splunk 'Referer' Header Cross-Site Scripting Vulnerability Authors: Sooraj KS Copyright: Copyright c 2010 Greenbone Networks GmbH...

CVSS 4.3, AI score 6.5, EPSS 0.00277
Exploits: 0, References: 3

Prion
added 2010/06/11 6:0 p.m., 15 views

Design/Logic Flaw

WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive...

CVSS 4.3, AI score 5.9, EPSS 0.00744
Exploits: 0, References: 17, Affected Software: 1

Prion
added 2010/04/21 2:30 p.m., 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/adminconfig.php, (2) admin/adminmodules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submitgroups.php, (7)...

CVSS 4.3, AI score 6, EPSS 0.00322
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2010/02/18 6:0 p.m., 21 views

CVE-2010-0660

Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging...

CVSS 5, AI score 5.7, EPSS 0.00177
Exploits: 0, References: 5

Prion
added 2010/02/18 6:0 p.m., 17 views

Hardcoded credentials

Google Chrome before 4.0.249.78 sends an https URL in the Referer header of an http request in certain circumstances involving https to http redirection, which allows remote HTTP servers to obtain potentially sensitive information via standard HTTP logging...

CVSS 5, AI score 6, EPSS 0.00177
Exploits: 0, References: 5, Affected Software: 1