ATutor cross-site scripting vulnerability

Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...

NetCommons cross-site scripting vulnerability

Overview NetCommons is an open source content management system, combining e-learning and groupware functionality. NetCommons is developed and distributed by the NetCommons Project. NetCommons contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's...

Apache Tomcat sample web application cross-site scripting vulnerability

Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application...

NetCommons cross-site scripting vulnerability

Overview NetCommons from the NetCommons Project contains a cross-site scripting vulnerability. NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This...

HttpLogger vulnerable to cross-site scripting

Overview KLab HttpLogger is vulnerable to cross-site scripting. Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...

MailDwarf cross-site scripting vulnerability

Overview MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

Lunascape RSS reader arbitrary script execution vulnerability

Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...

Nessus report function vulnerable to arbitrary script execution

Overview Nessus scanning report in HTML format contains the target server's responses against Nessus scanning. Nessus fails to properly handle the responses. This may cause a script to be executed on a user's web browser when the user views the report. Nessus, a vulnerability scanner from Tenable...

Wiki clone cross-site scripting vulnerability

Overview Some Wiki clones contain a vulnerability which could lead to cross-site scripting in their file attachment function. This could allow an attacker to execute an arbitrary script on the browser of a Wiki user. Impact An arbitrary script may be executed on the browser of the user who viewed...

desknet's buffer overflow vulnerability

Overview destnet's contains multiple vulnerability. A malicious script may be executed when an user views a crafted HTML email or information. destnet's contains multiple vulnerability. - A malicious script may be executed when the user views an crafted HTML email or information. - A script writt...

Cross-site scripting vulnerability in multiple Tor World CGI scripts

Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...

Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules

Overview Mutiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting. Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerabilit...

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

MouseoverDictionary vulnerable to arbitrary script execution

Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...

Phorum cross-site scripting vulnerability

Overview Phorum, an open source message board system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

TikiWiki cross-site scripting vulnerability

Overview TikiWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

Serene Bach cross-site scripting vulnerability

Overview Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution None...

Interstage Application Server cross-site scripting vulnerability

Overview The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console may be referred to as "Servlet Service for Interstage Operation Management" in certain versions included in the Interstage product series from Fujitsu contain a cross-site...

NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

Overview NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly. Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu...

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...