3351 matches found
miniBB 2.2 - 'bb_admin.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28957/info miniBB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
CuteNews 1.4.6 index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...
AIOCP 1.3.x cp_forum_view.php choosed_language Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal...
C-News 1.0.1 - 'install.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28989/info C-News is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Google Chrome 0.2.149 - ftp:// URL Multiple File Format Handling XSS
No description provided by source. source: http://www.securityfocus.com/bid/31855/info Google Chrome 0.2.149 is prone to a cross-site scripting weakness that arises because the software fails to handle specially crafted files served using the FTP protocol. Successfully exploiting this issue may...
CuteNews 1.4.6 index.php New User Creation CSRF
No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...
Alisveris Sitesi Scripti Index.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25007/info Alisveris Sitesi Scripti is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
CuteNews 1.4.6 editnews Module doeditnews Action Admin Moderation Bypass
No description provided by source. source: http://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that...
Stuffed Guys Stuffed Tracker Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/25931/info Stuffed Tracker is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
Google Chrome <= 0.3.154 'javascript:' URI in 'Refresh' Header Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35572/info Google Chrome is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the context of th...
Fog Creek Software FogBugz 4.0 29 Default.ASP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16216/info FogBugz is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script...
QwikiWiki 1.4/1.5 pageindex.php help Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17064/info QwikiWiki is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
Claroline 1.8.9 wiki/wiki.php URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/30269/info Claroline is prone to multiple input-validation vulnerabilities: 1. Multiple cross-site scripting vulnerabilities. 2. A remote URI-redirection vulnerability. An attacker may leverage these issues to execute...
Accellion File Transfer - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/30796/info Accellion File Transfer is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
OpenDocMan 1.x - 'out.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/29765/info OpenDocMan is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Jack (tR) Jax LinkLists 1.00 - 'jax_linklists.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28518/info Jax LinkLists is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
Active Calendar 1.2 data/y_3.php css Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/22705/info Active Calendar is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
Online Contact Manager 3.0 email.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34626/info Online Contact Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...
NPDS 4.8 News Message HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5797/info Problems with NPDS could make it possible to execute arbitrary script code in a vulnerable client. NPDS does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user view...
Php-Stats 0.1.9.2 Tracking.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25674/info Php-Stats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...