Gallery: Cross-site scripting vulnerability

Background Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description Rafel Ivgi has discovered a cross-site scripting...

CVE-2005-0221

Cross-site scripting XSS vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2formsubject field...

froogleCookie.txt

The flaw which was discovered by Nir Goldshlagger and was tested many times. hey this is Cross site Scripting In Froogle And its leads to steal the cookie in gmail if you send this link to the Victim in gmail email: when he click this link you steal is cookie in gmail And Even if the victim does...

CVE-2004-2174

Cross-site scripting XSS vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter...

CVE-2004-2293

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the 1 eid parameter or 2 query parameter to the Encyclopedia module, 3 previewreview function in the Reviews module as demonstrated by the url, cover,...

CVE-2004-2358

Cross-site scripting XSS vulnerability in adminwords.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2004-1418

Cross-site scripting XSS vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated...

CVE-2004-1824

Cross-site scripting XSS vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php...

CVE-2004-2015

Cross-site scripting XSS vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via 1 iframe, 2 img, or 3 object tags...

CVE-2004-2741

Cross-site scripting XSS vulnerability in the "help window" help.php in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the 1 module, 2 topic, or 3 module parameters...

CVE-2004-1807

Cross-site scripting XSS vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL...

CVE-2004-2096

Cross-site scripting XSS vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL...

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated SquirrelMail package that fixes a cross-site scripting vulnerability is now available. SquirrelMail is a webmail package written in PHP. A cross-site scripting bug has been found in SquirrelMail. This issue could allow an attacker to send a mail with a carefully crafted header, which...

CVE-2004-1202

Cross-site scripting XSS vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter...

phpGroupWare 0.9.x - index.php Multiple Cross-Site Scripting Vulnerabilities

phpGroupWare 0.9.x - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/11952/info Reportedly PHPGroupWare contains multiple input validation vulnerabilities; it is prone to multiple SQL injection and cross-site scripting issues. These issues are all...

UseModWiki 1.0 - Wiki.pl Cross-Site Scripting

UseModWiki 1.0 - Wiki.pl Cross-Site Scripting source: https://www.securityfocus.com/bid/11924/info It is reported that UseModWiki is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input before outputting i...

Blog Torrent 0.80 - 'BTDownload.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/11839/info It is reported that Blog Torrent is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a maliciou...

JSPWiki 2.1 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/11746/info It is reported that JSPWiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamically generated Web pages. This...

PHPKIT 1.6 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/11725/info It is reported that PHPKIT is susceptible to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issue is present in a parameter of the 'popup.php' script. An attacker can exploit this issue by creating a malicious...

PHPKIT 1.6 - Multiple Input Validation Vulnerabilities

PHPKIT 1.6 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/11725/info It is reported that PHPKIT is susceptible to cross-site scripting and SQL injection vulnerabilities. The cross-site scripting issue is present in a parameter of the 'popup.php' script. An...