ViewCVS viewcvs.cgi Multiple Parameter XSS
The remote host is running ViewCVS, a tool written in Python to browse CVS repositories via the web. The version of ViewCVS running on the remote host has a cross-site scripting vulnerability. Input to the 'viewcvs' parameter is not properly sanitized. A remote attacker could exploit this by...
CVE-2004-1692
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters...
YaBB 1.x/9.1.2000 - 'YaBB.pl IMSend' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11215/info A cross-site scripting vulnerability is reported in the YaBB forum 'YaBB.pl' script. As a result, it is possible for a remote attacker to create a malicious link to the affected page of a site hosting the web forum. The malicious link may conta...
CVE-2004-1669
Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html...
PSNews 1.1 - No Cross-Site Scripting
source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI...
PSNews 1.1 - 'No' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11124/info PSNews is a Web application that is implemented in PHP. PSNews is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This vulnerability is reported t...
IlohaMail user Parameter XSS
According to its banner, the remote web server is running IlohaMail version 0.8.10 or earlier. Such versions do not properly sanitize the 'user' parameter before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user...
CVE-2002-1307
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name...
PhotoADay - 'Pad_selected' Cross-Site Scripting
source: https://www.securityfocus.com/bid/11009/info It is reported that PhotoADay is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remote attacker to create a malicious U...
CVE-2004-1735
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field...
Microsoft Outlook Web Access contains vulnerability in HTML redirection query
Overview: A cross-site scripting vulnerability in Microsoft Exchange 5.5 Outlook Web Access (OWA) could allow an attacker to execute arbitrary scripting code in the victim's browser. Description: Outlook Web Access (OWA) is a component of Microsoft Exchange. By using OWA, a server that is running...
BreakCalendar < 1.3 XSS
The remote host seems to be running BreakCalendar, a web-based calendar. The remote version of this software is vulnerable to a cross-site scripting attack that may allow an attacker to use the remote host to perform attacks against third-party users.
CVE-2004-1711
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...
CVE-2004-2064
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields...
Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting
source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to...
BoardPower Forum - 'ICQ.cgi' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10734/info BoardPower Forum is reportedly affected by a cross-site scripting vulnerability in the icq.cgi script. This issue is due to a failure of the application to properly sanitize user-supplied URI input. A remote attacker can exploit this issue by...
CVE-2004-0675
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command...
12Planet Chat Server 2.9 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10659/info It is reported that 12Planet Chat Server is prone to a cross-site scripting vulnerability. This issue is due to a lack of sanitization of user-supplied data. The problem presents itself when...
ArbitroWeb PHP Proxy 0.5/0.6 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10592/info It is reported that ArbitroWeb is susceptible to a cross-site scripting vulnerability in its rawURL URI parameter. The URI parameter passed to 'index.php' called 'rawURL' contains the desired target for the proxy to connect to. This parameter i...
CVE-2004-1964
Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter...