485 matches found
Code injection
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...
Code injection
The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and...
CVE-2012-3965
Mozilla Firefox before 15.0 does not properly restrict navigation to the about:newtab page, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that triggers creation of a new tab and then a new window...
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting
Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...
gp Easy CMS Minishop 1.5 Cross Site Scripting
Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link: http://gpeasy.com/SpecialAddonPlugins?cmd=download&id=31 Version: 1.5 The vulnerable code is in the Minishop 1.5...
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting
gpEasy CMS Minishop 1.5 Plugin - Persistent Cross-Site Scripting Exploit Title: gp easy CMS Minishop 1.5 plugin persistent XSS Date: july 2 2012 Exploit Author: Carlos Mario Penahos Hollmann Vendor Homepage:http://gpeasy.com/Download Software Link:...
Kaseya 6.2.0.0 Cross Site Scripting
Summary The Kaseya version 6.2.0.0 web interface and possibly other versions is vulnerable to Cross-Site Scripting in the "adminName" variable. 2. Description By submitting malicious input such as the following, it is possible to render javascript in the security context of the Kaseya server:...
Directory traversal
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...
CVE-2011-3229
Directory traversal vulnerability in Apple Safari before 5.1.1 allows remote attackers to execute arbitrary JavaScript code, in a Safari Extensions context, via a crafted safari-extension: URL...
DragDropCart Cross Site Scripting
Exploit Title: DragDropCart E-Commerce System Stored XSS Date: 2011 Author: Eyup CELIK Version: All Version Tested on: All versions are Vulnerability ISSUE Cross Site Scripting can be done using the command input Vulnerable Page: search.php yaxaluser.php Example: search.php?search= Exploit: "/...
Code injection
Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before 3.1.12, and possibly other products does not properly handle the dropping of a tab element, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges by establishing a content area and registering...
Apache Archiva 1.3.4 Cross Site Scripting
Hi, This is regarding multiple XSS Cross Site Scripting Vulnerabilities in Apache Archiva 1.3.4 and previous versions. The following is the disclosure document Project: Apache Archiva Severity: High Versions: 1.3.0 - 1.3.4. The unsupported versions Archiva 1.0 - 1.2.2 are also affected. Exploit...
Classmates XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net
Vulnerability description: Classmates 1.1.1 design flaws, leading toXSScross-site vulnerability; user can be in a vulnerable application to execute arbitrary JavaScript code. Since the vulnerability exists in“/themes/default/header.inc.php“script is not properly sanitized of user-supplied input t...
SelectaPix Image Gallery 1.4.1 Cross Site Scripting
Vulnerability ID: HTB22964 Reference: http://www.htbridge.ch/advisory/xssinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011 Vulnerability Type: XSS Cro...
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
PhotoSmash 1.0.1 Cross Site Scripting
Vulnerability ID: HTB22867 Reference: http://www.htbridge.ch/advisory/xssinphotosmashwordpressplugin.html Product: PhotoSmash wordpress plugin Vendor: Byron Bennett http://smashly.net/ Vulnerable Version: 1.0.1 Vendor Notification: 22 February 2011 Vulnerability Type: XSS Cross Site Scripting...
HTB22831: XSS vulnerability in Gollos
Vulnerability ID: HTB22831 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingollos.html Product: Gollos Vendor: Gollos http://www.gollos.com/ Vulnerable Version: 2.8 and probably prior versions Vendor Notification: 01 February 2011 Vulnerability Type: XSS Cross Site Scripting Risk...
RunCMS 2.2.2 - Multiple Vulnerabilities
RunCMS 2.2.2 - Multiple Vulnerabilities Source: http://packetstormsecurity.org/files/view/98472/runcms-sqlxss.txt ================================ Vulnerability ID: HTB22820 Reference: http://www.htbridge.ch/advisory/sqlinjectioninruncms.html Product: RunCMS Vendor: http://www.runcms.org/...
HTB22822: XSS vulnerability in RunCMS
Vulnerability ID: HTB22822 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinruncms.html Product: RunCMS Vendor: http://www.runcms.org/ http://www.runcms.org/ Vulnerable Version: 2.2.2 Vendor Notification: 27 January 2011 Vulnerability Type: XSS Cross Site Scripting Risk level: Medium...
HTB22802: XSS in Podcast Generator
Vulnerability ID: HTB22802 Reference: http://www.htbridge.ch/advisory/xssinpodcastgenerator.html Product: Podcast Generator Vendor: Alberto Betella http://podcastgen.sourceforge.net/ Vulnerable Version: 1.3 Vendor Notification: 20 January 2011 Vulnerability Type: XSS Cross Site Scripting Risk...