16 matches found
Quick.Cms 5.0 / Quick.Cart 6.0 Cross Site Scripting Vulnerability
Quick.Cms version 5.0 and Quick.Cart version 6.0 suffer from a cross site scripting vulnerability. Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Versions: Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification:...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
Advisory ID: HTB23135 Product: Quick.Cms, Quick.Cart Vendor: OpenSolution team Vulnerable Versions: Quick.Cms 5.0, Quick.Cart 6.0 and probably prior Tested Version: Quick.Cms 5.0, Quick.Cart 6.0 Vendor Notification: December 19, 2012 Vendor Patch: December 20, 2012 Public Disclosure: January 9,...
Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart
High-Tech Bridge Security Research Lab discovered an XSS vulnerability in Quick.Cms and Quick.Cart, two products developed by the OpenSolution team, which can be exploited to perform cross-site scripting attacks. 1. Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart: CVE-2012-6430 The...
Kayako Fusion 4.40.1148 Cross Site Scripting
Advisory ID: HTB23095 Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE Reference: CVE-2012-3233 CVSSv2 Base...
Kayako Fusion 4.40.1148 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: Kayako Fusion Vendor: Kayako Vulnerable Versions: 4.40.1148 and probably prior Tested Version: 4.40.1148 Vendor Notification: June 6, 2012 Public Disclosure: September 5, 2012 Vulnerability Type: Cross-Site Scripting CWE-79 CVE...
Cross-Site Scripting (XSS) in Kayako Fusion
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Kayako Fusion, which can be exploited to perform Cross-Site Scripting (XSS) attacks. 1. Cross-Site Scripting (XSS) in Kayako Fusion: CVE-2012-3233 Input appended to the URL after...
KnowledgeTree 3.7.0.2 Cross Site Scripting
Advisory ID: HTB23065 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinknowledgetreecommunityedition.html Product: KnowledgeTree Commercial and Community Editions Vendor: KnowledgeTree Inc. http://knowledgetree.org Vulnerable Version: 3.7.0.2 and probably prior Tested Version:...
Browser CRM 5.100.01 Cross Site Scripting / SQL Injection
Vulnerability ID: HTB23059 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinbrowsercrm.html Product: Browser CRM Vendor: BrowserCRM Limited http://www.browsercrm.com Vulnerable Version: 5.100.01 and probably prior Tested Version: 5.100.01 Vendor Notification: 23 November 2011...
Multiple vulnerabilities in ImpressCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in ImpressCMS, which can be exploited to perform cross-site scripting and local file inclusion attacks. 1 Multiple Arbitrary XSS vulnerabilities in ImpressCMS: CVE-2012-0986 1.1 Input appended to the URL after...
Dolibarr ERPCRM 3.1 - Multiple Script URI Cross-Site Scripting Vulnerabilities
Dolibarr ERPCRM 3.1 - Multiple Script URI Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/50777/info Dolibarr is prone to multiple cross-site scripting and SQL-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in...
Multiple vulnerabilities in webERP
Vulnerability ID: HTB23055 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinweberp.html Product: webERP Vendor: www.weberp.org http://www.weberp.org Vulnerable Version: 4.05 and probably prior Tested Version: 4.05 Vendor Notification: 26 October 2011 Vulnerability Type: XSS, S...
Multiple vulnerabilities in Tine 2.0
Vulnerability ID: HTB23050 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintine20.html Product: Tine 2.0 Vendor: Metaways Infosystems GmbH http://www.tine20.org Vulnerable Version: Maischa 2011/05 and probably prior Tested Version: Maischa 2011/05 Vendor Notification: 28...
Tine 2.0 Cross Site Scripting
Vulnerability ID: HTB23050 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesintine20.html Product: Tine 2.0 Vendor: Metaways Infosystems GmbH http://www.tine20.org Vulnerable Version: Maischa 2011/05 and probably prior Tested Version: Maischa 2011/05 Vendor Notification: 28...
Multiple vulnerabilities in Efront
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Efront, which can be exploited to perform SQL injection and cross-site scripting attacks. 1 Cross-Site scripting XSS vulnerabilities in Efront 1.1 Input passed via the "course" GET parameter to index.php is not...
Multiple vulnerabilities in Tine 2.0
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Tine 2.0, which can be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Tine 2.0 1.1 Input passed via the "lang" GET parameter to /library/idnaconvert/example.php i...
MySQLDumper vulnerability: Bypassing Apache based access control possible
A critical security issue has been found in the Open Source PHP backup tool MySQLDumper 0. The issue allows an attacker to bypass an Apache-based access control created with MySQLDumper. Through this, an attacker can easily gain full control over all features of MySQLDumper. The authors of MySQLDumper were...