Gallery: Cross-site scripting vulnerability
Background: Gallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. Description: Jim Paris has discovered a cross-site scripting...
OpenWFE 1.4.x - Cross-Site Scripting / Connection Proxy
source: https://www.securityfocus.com/bid/11514/info OpenWFE is affected by a cross-site scripting and connection proxy vulnerability. These issues are due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issue to steal...
SCT Campus Pipeline 1.02.x3.x - Render.UserLayoutRootNode.uP Cross-Site Scripting
source: https://www.securityfocus.com/bid/11392/info Campus Pipeline is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI inpu...
Xedus Web Server 1.0 - Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/11071/info It is reported that Xedus is susceptible to multiple vulnerabilities. The first reported issue is a denial of service vulnerability. The affected application is unable to service multiple...
Debian DSA-220-1 : squirrelmail - XSS
A cross site scripting vulnerability has been discovered in squirrelmail, a feature-rich webmail package written in PHP4. Squirrelmail doesn't sanitize user provided variables in all places, leaving it vulnerable to a cross site scripting attack...
ViewCVS viewcvs.cgi Multiple Parameter XSS
The remote host is running ViewCVS, a tool written in Python to browse CVS repositories via the web. The version of ViewCVS running on the remote host has a cross-site scripting vulnerability. Input to the 'viewcvs' parameter is not properly sanitized. A remote attacker could exploit this by...
CVE-2004-1692
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 1.0.9 allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters...
YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. As a result, it is possible for a remote attacker to create a malicious link to the affected page of a site hosting the web forum. The malicious link may conta...
CVE-2004-1669
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html...
PSNews 1.1 - 'No' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This vulnerability is reported t...
PSNews 1.1 - No Cross-Site Scripting
source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI...
IlohaMail user Parameter XSS
According to its banner, the remote web server is running IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user...
CVE-2002-1307
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name...
PhotoADay - 'Pad_selected' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11009/info It is reported that PhotoADay is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious U...
CVE-2004-1735
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field...
Microsoft Outlook Web Access contains vulnerability in HTML redirection query
Overview: A cross-site scripting vulnerability in Microsoft Exchange 5.5 Outlook Web Access (OWA) could allow an attacker to execute arbitrary scripting code in the victim's browser. Description: Outlook Web Access (OWA) is a component of Microsoft Exchange. By using OWA, a server that is running...
BreakCalendar < 1.3 XSS
The remote host seems to be running BreakCalendar, a web-based calendar. The remote version of this software is vulnerable to a cross-site scripting attack that may allow an attacker to use the remote host to perform attacks against third-party users...
CVE-2004-1711
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...
CVE-2004-2064
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields...
Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting
source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to...