71 matches found
CVE-2014-4847
Cross-site scripting XSS vulnerability in the Random Banner plugin 1.1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the buffercodeRBannerurlbanner1 parameter in an update action to wp-admin/options.php...
CVE-2014-1915
Multiple cross-site request forgery CSRF vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of 1 administrators for requests that change the administrator password via an update action to sw/adminchangepassword.php or 2...
CVE-2013-1734
Cross-site request forgery CSRF vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that commit an attachment change via a...
CVE-2011-4615
Multiple cross-site scripting XSS vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter aka host groups name to 1 hostgroups.php and 2 usergrps.php, the update action to 3 hosts.php and 4 scripts.php, and 5 maintenance.php...
CVE-2011-4615
Multiple cross-site scripting XSS vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter aka host groups name to 1 hostgroups.php and 2 usergrps.php, the update action to 3 hosts.php and 4 scripts.php, and 5 maintenance.php...
CVE-2011-4615
Multiple cross-site scripting XSS vulnerabilities in Zabbix before 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the gname parameter aka host groups name to 1 hostgroups.php and 2 usergrps.php, the update action to 3 hosts.php and 4 scripts.php, and 5 maintenance.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 emailid, 2 fname, 3 lname, 4 company, 5 address1, 6 address2, 7 city, 8 state, 9 zipcode, 10 phone, and 11 fax parameters in an update...
CVE-2010-2917
Multiple cross-site scripting XSS vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 emailid, 2 fname, 3 lname, 4 company, 5 address1, 6 address2, 7 city, 8 state, 9 zipcode, 10 phone, and 11 fax parameters in an update...
CVE-2008-5893
Cross-site scripting XSS vulnerability in admindblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action...
Cross site scripting
Cross-site scripting XSS vulnerability in admindblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action...
Code injection
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action...