111 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 XWiki.XWikiCommentscomment parameter to xwiki/bin/commentadd/Main/WebHome, 2 XWiki.XWikiUsers0company parameter when editing a user profile, or 3...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the 1 usermsn, 2 useremail, and 3 userphone parameters in a modifyDetails action...
CVE-2009-2133
Multiple cross-site scripting XSS vulnerabilities in Pivot 1.40.4 and 1.40.7 allow remote attackers to inject arbitrary web script or HTML via the 1 menu or 2 sort parameter to pivot/index.php, 3 the value of a check array parameter in a delete action to pivot/index.php, 4 the element name in a...
Authentication flaw
index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the 1 usersfullname, 2 usersemail, 3 usersroleid, 4 usersusername, and 5 userspassword parameters...
CVE-2006-2048
Multiple cross-site scripting XSS vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the 1 port, 2 server, and 3 user parameters. NOTE: it is possible that the affected version is actually 3.2...
CVE-2005-0673
Cross-site scripting XSS vulnerability in usercpregister.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the 1 allowhtml, 2 allowbbcode, or 3 allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are process...
CVE-2005-0629
Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...
CVE-2004-1862
Multiple cross-site scripting XSS vulnerabilities in Extreme Messageboard XMB 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the 1 xmbuser parameter to xmb.php, 2 folder parameter to u2u.php, 3 viewmost, replymost, or latest parameter to stats.php, 4 messag...
Invision Power Services Invision Gallery 1.0.1 - Multiple SQL Injections
Invision Power Services Invision Gallery 1.0.1 - Multiple SQL Injections source: https://www.securityfocus.com/bid/9944/info It has been reported that Invision Gallery may be prone to multiple sql injection vulnerabilities, allowing an attacker to influence SQL query logic. The issues exist due t...
PHP-Nuke Splatt Forum 4.0 Module - Cross-Site Scripting
source: https://www.securityfocus.com/bid/7483/info Splatt Forum is a public message board plugin designed to be used with PHPNuke. It has been reported that Splatt Forum does not sufficiently filter user supplied URI parameters for the Splatt Forum 'Search' function. As a result of this...
Mambo Site Server 4.0.10 - index.php Cross-Site Scripting
Mambo Site Server 4.0.10 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/7135/info Mambo Site Server has been reported prone to a cross-site scripting vulnerability. It has been reported that certain user supplied URI parameters are not sufficiently sanitized by the Mam...