eNdonesia 8.2/8.3 - 'Mod' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8506/info It has been reported that eNdonesia is prone to a cross-site scripting vulnerability that may allow a remote attacker to execute HTML or script code in a victim's browser. The issue reportedly exists in the mod.php script via the 'mod' URI...
Microsoft Internet Explorer 6 - ADODB.Stream Object File Installation
source: https://www.securityfocus.com/bid/10514/info Microsoft Internet Explorer is prone to a security weakness that may permit malicious HTML documents to create or overwrite files on a victim file system when interpreted from the Local Zone or other Security Zones with relaxed security...
DSA-365 phpgroupware - several vulnerabilities
Bulletin has no description...
CVE-2003-0442
Cross-site scripting (XSS) vulnerability in the transparent SID support capability for PHP before 4.3.2 (session.use_trans_sid) allows remote attackers to insert arbitrary script via the PHPSESSID parameter...
[SECURITY] [DSA-351-1] New php4 packages fix cross-site scripting vulnerability
Debian Security Advisory DSA 351-1 http://www.debian.org/security/ Matt Zimmerman July 16th, 2003 http://www.debian.org/security/faq -...
Infinity CGI Exploit Scanner 3.11 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/7910/info Infinity CGI Exploit Scanner is reported to be prone to a cross-site scripting vulnerability. An attacker could exploit this issue by creating a malicious link to a site hosting the softwa...
H-Sphere 2.x - HTML Template Inclusion Cross-Site Scripting
source: https://www.securityfocus.com/bid/7855/info H-Sphere is prone to multiple cross-site scripting vulnerabilities via the HTML template feature in the Hosting Control Panel. HTML and script code will not be filtered from pages which are generated when a request for an invalid or unknown...
CVE-2003-0375
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter...
PHP 4.x - Transparent Session ID Cross-Site Scripting
source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting...
PHP 4.x - Transparent Session ID Cross-Site Scripting
source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...
Proxy Web Server XSS
The remote host is running a proxy web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. C...
EZ Publish 2.2 - 'index.php' IMG Tag Cross-Site Scripting
source: https://www.securityfocus.com/bid/7616/info A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script. This may allow for theft of cookie-based authentication...
Inktomi Traffic Server 4.05.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/7596/info Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under...
Css in Xoops module glossary 1.3.x
Author: Magistrat Date: 30/03/2003 Object: XOOPS glossary Module Input Filtering Bug Allows Remote Users to Conduct Cross-Site Scripting Attacks Impact: Disclosure of authentication information, Execution of arbitrary code via network, Modification of user information, User access via network Fix...
CVE-2002-0181
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter...
CVE-2002-1053
Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...
CVE-2002-0292
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field...
Siteframe search.php searchfor Parameter XSS
Siteframe 2.2.4 has a cross-site scripting bug. An attacker may use it to perform a cross-site scripting attack on this host. In addition to this, another flaw in this package may allow an attacker to obtain the physical path to the remote web root. written by K-Otik.com...