CVE-2007-3383
CVE-2007-3383 is an XSS flaw in Apache Tomcat’s SendMailServlet (examples/jsp/mail/sendmail.jsp) affecting Tomcat 4.0.0–4.0.6 and 4.1.0–4.1.36. The vulnerability allows remote attackers to inject arbitrary script/HTML via the From field (and possibly other fields) during error-message generation....
CVE-2007-3940
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information...
CVE-2007-3885
CVE-2007-3885 is an XSS vulnerability in husrevforum 1.0.1, affecting philboard_search.asp via the searchterms parameter. The connected documents confirm the affected component and the entry’s cross-site scripting nature, but do not provide remediation steps, exploit details, or version-specific ...
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
CVE-2007-3580
CVE-2007-3580 affects PHPIDS and is described as a vulnerability where certain code containing newlines within a loop (demonstrated by a try/catch block) is not properly handled, enabling user‑assisted remote attackers to inject arbitrary web script. The public records cite this as a cross‑site s...
EUVD-2006-5736
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2007-3342
CVE-2007-3342 documents multiple XSS flaws in Movable Type (MT) prior to version 3.34. Attack vectors include (1) a malformed SGML numeric character reference with a null byte in a javascript: URI and (2) an element attribute missing the closing '>' in the start tag. The vulnerability allows r...
CVE-2007-3129
CVE-2007-3129 concerns an XSS vulnerability in Utopia News Pro 1.4.0, specifically in login.php where the password parameter can be exploited to inject script/HTML. The vulnerability is described across multiple sources (NVD, CVE records, and Full-Disclosure material), with exploitation details i...
CVE-2007-3227
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
Link Request Contact Form 3.4 Remote Code Execution Vulnerability
No description provided by source. -=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's URL:...
Link Request Contact Form 3.4 - Remote Code Execution
Link Request Contact Form 3.4 - Remote Code Execution -=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's...
Link Request Contact Form 3.4 Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ================================================================= Link Request Contact Form 3.4 Remote Code Execution Vulnerability ================================================================= -=+ Application: Link Request Contact For...
lrcf-inject.txt
-=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's URL:...
Link Request Contact Form 3.4 - Remote Code Execution
-=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's URL:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email...
EUVD-2007-2724
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to...
CVE-2007-2625
CVE-2007-2625 is an XSS vulnerability in All In One Control Panel (AIOCP) prior to 1.3.016. The flaw resides in shared/code/cp_authorization.php and allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. The entry notes that details are from third-party sources...
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar example (cal2.jsp) of Apache Tomcat affects 4.0.0–4.0.6, 4.1.0–4.1.31, 5.0.0–5.0.30, and 5.5.0–5.5.15. An attacker can inject arbitrary script via the time parameter to cal2.jsp (and possibly other vectors). This enables script execution in...
CVE-2007-2472
CVE-2007-2472 is an XSS vulnerability in Sendcard 3.4.1 and earlier, affecting sendcard.php where the form parameter can be exploited to inject arbitrary script/HTML. The description notes the vulnerability details come from third-party sources with unknown provenance. Connected documents confirm...
CVE-2007-2245
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function...