BookReview 1.0 - 'add_url.htm?node' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...

Groove Virtual Office / Workspace Multiple Vulnerabilities

According the remote registry, the version of Groove Virtual Office or Groove Workspace on the remote host suffers from multiple vulnerabilities. Some of these flaws may allow for arbitrary script execution, disclosure of sensitive information, and denial of service, all from remote users. C...

CVE-2003-1204

Multiple cross-site scripting XSS vulnerabilities in Mambo Site Server 4.0.12 BETA and earlier allow remote attackers to execute script on other clients via 1 the link parameter in sectionswindow.php, the directory parameter in 2 gallery.php, 3 navigation.php, or 4 uploadimage.php, the path...

CVE-2002-1662

CVE-2002-1662 corresponds to multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11. The issues allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration. This is described in the NVD e...

Skull-Splitter Guestbook Multiple Field XSS

The remote version of this software is vulnerable to cross-site scripting attacks. Inserting special characters into the subject or message content can cause arbitrary script code execution for third-party users, thus resulting in a loss of integrity of their system. %NASLMINLEVEL 70300 This scri...

CVE-2004-1969

The avatar upload capability in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...

CVE-2005-1337

Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI...

FishCart 3.1 - 'display.php?nlst' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13499/info FishCart is prone to multiple cross-site scripting and SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit of the SQL-injection issues could allow an attacker to compromise...

CVE-2005-1154

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...

CVE-2005-1191

The Web View DLL webvw.dll, as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe "'" in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when t...

security flaw

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...

GrayCMS 1.1 - error.php Remote File Inclusion

GrayCMS 1.1 - error.php Remote File Inclusion source: https://www.securityfocus.com/bid/13381/info GrayCMS is prone to a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

GLSA-200504-23 : Kommander: Insecure remote script execution

The remote host is affected by the vulnerability described in GLSA-200504-23 Kommander: Insecure remote script execution Kommander executes data files from possibly untrusted locations without user confirmation. Impact : An attacker could exploit this to execute arbitrary code with the permission...

phpBB 2.0.x - viewtopic.php Cross-Site Scripting

phpBB 2.0.x - viewtopic.php Cross-Site Scripting source: https://www.securityfocus.com/bid/13345/info phpBB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

CartWIZ 1.10 - TellAFriend.asp Cross-Site Scripting

CartWIZ 1.10 - TellAFriend.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/13336/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to hav...

CartWIZ 1.10 - 'searchresults.asp' Name Argument Cross-Site Scripting

source: https://www.securityfocus.com/bid/13343/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of a...

CartWIZ 1.10 - 'Access.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/13338/info CartWIZ is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of a...

ASPNuke 0.80 - Select.asp Cross-Site Scripting

ASPNuke 0.80 - Select.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/13320/info ASPNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

ASPNuke 0.80 - profile.asp Cross-Site Scripting

ASPNuke 0.80 - profile.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/13319/info ASPNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

security flaw

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...