Lucene search

50 matches found

seebug.org
added 2014/07/01 12:0 a.m. | 13 views

NeoMail NeoMail.PL SessionID Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17728/info NeoMail is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...

7.1 AI score
Exploits: 0

Prion
added 2008/08/15 8:41 p.m. | 21 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to...

4.3 CVSS | 5.9 AI score | 0.03256 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

Cvelist
added 2008/08/15 8:6 p.m. | 25 views

CVE-2008-3700

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to...

5.8 AI score | 0.03256 EPSS
Exploits: 0 | References: 9

Prion
added 2007/01/18 12:28 a.m. | 11 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in InstantASP 4.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to (a) Logon.aspx, and the (2) Username and (3) Update parameters to (b) Members1.aspx...

6.8 CVSS | 6.1 AI score | 0.10054 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

Debian CVE
added 2006/08/31 1:0 a.m. | 19 views

CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...

7.5 CVSS | 6.1 AI score | 0.01636 EPSS
Exploits: 4

Prion
added 2006/05/05 12:46 p.m. | 11 views

SQL injection

Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2...

7.5 CVSS | 9.2 AI score | 0.00858 EPSS
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2006/05/05 10:0 a.m. | 21 views

CVE-2006-2214

Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. NOTE: this issue has also been reported to affect 1.7.2...

8.5 AI score | 0.00858 EPSS
Exploits: 1 | References: 7

CVE
added 2006/05/04 10:0 a.m. | 53 views

CVE-2006-2190

CVE-2006-2190 is an XSS vulnerability in OpenWebMail (OWM) affecting 2.51 and earlier, via the sessionid parameter in ow-shared.pl and related scripts (openwebmail-send.pl, openwebmail-advsearch.pl, openwebmail-folder.pl, openwebmail-prefs.pl, openwebmail-abook.pl, openwebmail-read.pl, openwebmai...

6.8 CVSS | 5.6 AI score | 0.0192 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2006/05/02 10:0 a.m. | 22 views

CVE-2006-2138

Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...

5.7 AI score | 0.08852 EPSS
Exploits: 1 | References: 7

Cvelist
added 2005/09/08 4:0 a.m. | 18 views

CVE-2005-2863

Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter...

5.5 AI score | 0.00335 EPSS
Exploits: 0 | References: 3