NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

Overview NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly. Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu...

Overlay Weaver cross-site scripting vulnerability

Overview Overlay Weaver is software for constructing and emulating overlay network. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

Lunascape RSS reader arbitrary script execution vulnerability

Overview A vulnerability exists in the web browser Lunascape's RSS reader. An arbitrary script embedded in RSS feeds could be executed as the output of RSS information is not properly handled. Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution None...

Meneame cross-site scripting vulnerability

Overview Meneame, an open source social bookmark system, contains a cross-site scripting vulnerability. Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker cou...

Internet Explorer vulnerable in MHTML handling

Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...

Apache Tomcat sample web application cross-site scripting vulnerability

Overview Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability in its sample program. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page JSP technologies. jsp-examples, a sample web application...

rktSNS cross-site scripting vulnerability

Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...

sHTTPd cross-site scripting vulnerability

Overview sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

Tuigwaa cross-site scripting vulnerability

Overview Tuigwaa, from the Tuigwaa Project, contains a cross-site scripting vulnerability. Tuigwaa from the Tuigwaa Project is open source software to develop web applications. Tuigwaa contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web...

Lotus Domino cross-site scripting vulnerability

Overview IBM Lotus Domino contains a cross-site scripting vulnerability. IBM Lotus Domino is server software for Lotus Notes, groupware from IBM. Lotus Domino contains a cross-site scripting vulnerability. Impact An attacker could execute an arbitrary script on the web browser of a user who...

Cross-site scripting vulnerability in updir.php in UPDIR.NET

Overview updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions. updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload ima...

Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

Overview modimap and modimagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server...

Google Web Toolkit vulnerable to cross-site scripting

Overview Google Web Toolkit GWT is vulnerable to cross-site scripting. Google Web Toolkit GWT is an open source software development framework that allows web developers to create Ajax applications in Java. The benchmark reporting system in GWT is vulnerable to cross-site scripting. Impact An...

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

CGI RESCUE WebFORM vulnerable to cross-site scripting

Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...

Sage vulnerable to arbitrary script execution

Overview Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact An arbitrary script may be executed on Mozilla...

open-gorotto cross-site scripting vulnerability

Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...

WebCart cross-site scripting vulnerability

Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

HttpLogger vulnerable to cross-site scripting

Overview KLab HttpLogger is vulnerable to cross-site scripting. Klab HttpLogger is full-text search software for web browser histories. HttpLogger is vulnerable to cross-site scripting. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the...