70 matches found
Cross site scripting
Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
PT-2021-11835 · Quest · Quest Policy Authority
Name of the Vulnerable Software and Affected Versions: Quest Policy Authority version 8.1.2.200. Description: The issue allows remote attackers to inject malicious code into the browser via a specially crafted link to the "ReportPreview.do" file using the referer parameter. This affects products...
CVE-2017-17972
packages/subjects/pub/subjects.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?subjecttypeid=xxx request, aka Open Bug Bounty ID OBB-466362...
Adiscon LogAnalyzer <= 4.1.6 XSS Vulnerability - Active Check
Adiscon LogAnalyzer is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Sympa Open Redirect Vulnerability
Sympa is an extensible and highly customizable mailing list software. The software provides multiple templates, custom authentication backends and authentication scripts, and support for various mailing list backends (LDAP, SQL, text, list or others). An open redirect vulnerability exists in the...
Archon Cross-Site Scripting Vulnerability
Archon is a system of online catalog sites for manuscript collections at the Maine Maritime Museum. A cross-site scripting vulnerability exists in the packages/core/contact.php file in Archon version 3.21 rev-1. A remote attacker can exploit this vulnerability to inject arbitrary web script or HT...
Design/Logic Flaw
packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503...
Open redirect
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to 1...
PYSEC-2017-60
Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referer parameter to 1...
Cross-site scripting vulnerability in yxcms Referer parameter
YXcms is a website management system based on PHP+MySql with a lightweight MVC design model. A cross-site scripting vulnerability exists in the Referer parameter on the yxcms\protected\apps\member\controller\indexController.php page in yxcms V1.4. Because the program does not filter the...
WordPress Welcart plugin cross-site scripting vulnerability (CNVD-2015-05021)
WordPress is a blogging platform developed by the WordPress Software Foundation using the PHP language; it supports setting up a personal blog site on servers running PHP and MySQL. Welcart is one of its e-commerce plug-ins. A cross-site scripting vulnerability exists in versions of the WordPress...
Welcart vulnerable to cross-site scripting
Overview: Welcart, provided by Collne Inc., is a WordPress plugin for creating shopping websites. Welcart contains a cross-site scripting (CWE-79) vulnerability due to the processing of the uscesreferer parameter in admin.php. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the...
CVE-2015-3921
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 allows remote authenticated users to inject arbitrary web script or HTML via the referer parameter...
Multiple Cross-Site Scripting Vulnerabilities in poMMo Aardvark
poMMo Aardvark is a PHP-based mass mailing software. poMMo Aardvark PR16.1 suffers from multiple cross-site scripting vulnerabilities that allow remote attackers to send mass emails via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupna...
CVE-2011-5299
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the sitename parameter to admin/setup/config/general.php, (3) the groupname parameter to...
SiT! Support Incident Tracker 3.64 XSS / CSRF / SQL Injection
Advisory Details: High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in SiT! Support Incident Tracker, which can be exploited to perform SQL injection, cross-site scripting, and cross-site request forgery attacks. 1) Input passed via the "start" GET parameter to...
SiT! Support Incident Tracker 3.64 XSS / XSRF / SQL Injection
Vulnerability ID: HTB23043; Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinsitsupportincidenttracker.html; Product: SiT! Support Incident Tracker; Vendor: The Support Incident Tracker Project (http://sitracker.org/); Vulnerable Version: 3.64 and probably prior; Tested Version: 3.64...
CVE-2009-4717
Multiple cross-site scripting (XSS) vulnerabilities in Gonafish WebStatCaffe allow remote attackers to inject arbitrary web script or HTML via the (1) host parameter to stat/host.php, nodayshow parameter to (2) mostvisitpage.php and (3) visitorduration.php in stat/, (4) nopagesmost parameter to...