Fusionphp Fusion News 3.6.1 - Cross-Site Scripting

Fusionphp Fusion News 3.6.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based...

ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting

ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...

ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting

source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...

phpBB 2.0.x - 'album_portal.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/10177/info It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system...

CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...

phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting

phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due...

phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities

phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. Thes...

PT-2004-1312 · Microsoft · Outlook

Name of the Vulnerable Software and Affected Versions: Microsoft Outlook version 2002 Description: The issue concerns an argument injection vulnerability where Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE. Thi...

Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting

Topic Calendar 1.0.1 - CalendarScheduler.php Cross-Site Scripting source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...

XSS in e107 forum

Существует возможность вставки произвольного HTML код в тело сообщения. Удаленный атакующий может вставить специально отформатированный BB тэг bbcode , чтобы заставить форум отобразить произвольный код сценария в браузере пользователя, просматривающего злонамеренное сообщение. При желании, укорот...

Topic Calendar 1.0.1 - 'Calendar_Scheduler.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute...

CVE-2004-0359

Cross-site scripting XSS vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the 1 c, 2 f, 3 showtopic, 4 showuser, or 5 username parameters...

CVE-2004-0248

Cross-site scripting vulnerability XSS in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into 1 keywords argument of main.inc.php, 2 body argument of help.inc.php, or 3 the subject field in Personal Messages and Forum...

CVE-2004-0271

CVE-2004-0271 concerns multiple cross-site scripting (XSS) vulnerabilities in MaxWebPortal. The issues enable remote attackers to run arbitrary web script in the context of other users by manipulating: (1) sub_name in dl_showall.asp, (2) SendTo in Personal Messages, (3) HTTP_REFERER for down.asp,...

CVE-2004-0322

Multiple cross-site scripting XSS vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the 1 member parameter in member.php, 2 uid parameter in u2uadmin.php, 3 user parameter in editprofile.php, 4 an onmouseover event in an align tag when bbco...

CVE-2004-0337

Cross-site scripting XSS vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / slash and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...

CVE-2004-1818

Cross-site scripting XSS vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter...

iDEFENSE Security Advisory 03.09.04: Microsoft Outlook "mailto:" Parameter Passing Vulnerability

Microsoft Outlook "mailto:" Parameter Passing Vulnerability iDEFENSE Security Advisory 03.09.04 www.idefense.com/application/poi/display?id=79&type=vulnerabilities March 09, 2004 I. BACKGROUND Microsoft Outlook provides an integrated solution for managing and organizing e-mail messages, schedules...

CVE-2004-0322

Multiple cross-site scripting XSS vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the 1 member parameter in member.php, 2 uid parameter in u2uadmin.php, 3 user parameter in editprofile.php, 4 an onmouseover event in an align tag when bbco...

XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of...