6719 matches found
[SA16062] Mozilla Thunderbird XBL Controls Script Execution Vulnerability
FreeBSD : bugzilla -- XSS vulnerability (97c3a452-6e36-11d9-8324-000a95bc6fae)
A Bugzilla advisory states: This advisory covers a single cross-site scripting issue that has recently been discovered and fixed in the Bugzilla code: If a malicious user links to a Bugzilla site using a specially crafted URL, a script in the error page generated by Bugzilla will display the URL...
AutoIndex PHP Script 1.5.2 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14154/info AutoIndex PHP Script is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...
Mensajeitor 1.8.9 - IP HTML Injection
source: https://www.securityfocus.com/bid/14071/info Mensajeitor is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
ASPNuke 0.80 - 'forgot_password.asp?email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14062/info ASPNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execute...
CVE-2002-1727
Cross-site scripting vulnerability (XSS) in (1) asweb.exe and (2) asweb4.exe in askSam Web Publisher 1 and 4 allows remote attackers to execute arbitrary script as other users via a URL...
I-Gallery - Folder Argument Cross-Site Scripting
source: https://www.securityfocus.com/bid/14002/info i-Gallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'folder' parameter of 'folderview.asp...
UApplication Ublog Reload 1.0.5 - Trackback.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/13994/info Ublog Reload is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...
ATutor 1.4.3 - tile.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker m...
ATutor 1.4.3 - inboxindex.php?view Cross-Site Scripting
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage an...
ATutor 1.4.3 - contact.php?subject Cross-Site Scripting
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage an...
ATutor 1.4.3 - subscribe_forum.php?us Cross-Site Scripting
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage...
ATutor 1.4.3 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed...
ATutor 1.4.3 - 'content.php?cid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed...
ATutor 1.4.3 - 'contact.php?subject' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed...
ATutor 1.4.3 - 'send_message.php?l' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13972/info ATutor is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code executed...
YaPiG 0.9x - view.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/13875/info YaPiG is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
[Full-disclosure] XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version))
XSS Bug in Jaws Glossary v 0.4 - 0.5.1 latest version STATUS: The vendor has been contacted, fixed in cvs. Jaws is a Framework and Content Management System for building dynamic web sites. It aims to be User Friendly giving ease of use and lots of ways to customize web sites, but at the same time...
BEA WebLogic 7.0/8.1 - Administration Console LoginForm.jsp Cross-Site Scripting
source: https://www.securityfocus.com/bid/13793/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'LoginForm.jsp' script. An attacker may leverage th...
BookReview 1.0 - 'suggest_review.htm?node' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...