New-CMS 1.08 - Multiple Local File Inclusion HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/38307/info New-CMS is prone to multiple local file-include vulnerabilities and an HTML-Injection vulnerability because it fails to properly sanitize user-supplied input. An attack...
Subex Nikira Fraud Management System GUI - 'message' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38311/info The Subex Nikira Fraud Management System GUI is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
PortWise SSL VPN 4.6 - 'reloadFrame' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38308/info PortWise SSL VPN is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
CMS Made Simple Local File Include and Cross Site Scripting Vulnerabilities
CMS Made Simple is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using directory-traversal strings to view and execute local files within...
Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/38261/info Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities. Successful exploits may allow attackers to run privileged commands on the affected device, change...
Portrait Software Portrait Campaign Manager 4.6.1.22 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/38252/info Portrait Campaign Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Huawei HG510 - Multiple Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/38261/info Huawei HG510 is prone to multiple cross-site request-forgery vulnerabilities. Successful exploits may allow attackers to run privileged commands on the affected device, change configuration, cause denial-of-service conditions, or inject arbitra...
Extreme Mobster - 'login' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38265/info Extreme Mobster is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
EziScript Google Page Rank 1.1 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/38266/info EziScript Google Page Rank is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Extreme Mobster - login Cross-Site Scripting
source: https://www.securityfocus.com/bid/38265/info Extreme Mobster is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
BGSvetionik BGS CMS - 'search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38264/info BGSvetionik BGS CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Basic-CMS - 'nav_id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38235/info Basic-CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
ShopEx Single 4.5.1 - errinfo Cross-Site Scripting
source: https://www.securityfocus.com/bid/39941/info ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code...
ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting
source: https://www.securityfocus.com/bid/39941/info ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
evalSMSI 2.1.3 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/38116/info evalSMSI is prone to multiple vulnerabilities, including an authentication-bypass issue, an SQL-Injection issue, and an HTML-Injection issue. Attackers can exploit these issues to gain administrative access to the affected application, execute...
evalSMSI 2.1.3 - Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/38116/info evalSMSI is prone to multiple vulnerabilities, including an authentication-bypass issue, an SQL-Injection issue, and an HTML-Injection issue. Attackers can exploit these issues to gain...
SAP BusinessObjects viewError.jsp 'error' Parameter XSS
The version of SAP BusinessObjects installed on the remote web server has a cross-site scripting vulnerability. Input passed to the 'error' parameter of '/PerformanceManagement/jsp/viewError.jsp' is not properly sanitized. A remote attacker could exploit this by tricking a user into requesting a...
COMTREND CT-507 IT ADSL Router - 'scvrtsrv.cmd' Cross-Site Scripting
source: https://www.securityfocus.com/bid/38004/info Comtrend CT-507 IT is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CommonSpot Server - utilitieslongproc.cfm Cross-Site Scripting
source: https://www.securityfocus.com/bid/37986/info CommonSpot Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
PunBB 1.3 - 'viewtopic.php' Cross-Site Scripting Vulnerability
CVE-2010-0455. Webapps exploit for php platform. source: http://www.securityfocus.com/bid/37930/info PunBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may...