7613 matches found
CVE-2013-7032
Multiple cross-site scripting XSS vulnerabilities in the web based operator client in LiveZilla before 5.1.2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 name of an uploaded file or 2 customer name in a resource created from an uploaded file, a different vulnerability...
Rhino - Cross-Site Scripting Password Reset
Rhino - Cross-Site Scripting Password Reset source: https://www.securityfocus.com/bid/65628/info Rhino is prone to a cross-site scripting vulnerability and security-bypass vulnerability . An attacker can exploit these issues to execute arbitrary script code in the context of the vulnerable site,...
FreeBSD : phpmyfaq -- multiple vulnerabilities (4dd575b8-8f82-11e3-bb11-0025905a4771)
The phpMyFAQ team reports : An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descripti...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in GuppY before 4.6.28 allow remote attackers to inject arbitrary web script or HTML via the 1 "an" parameter to agenda.php or 2 cat parameter to mobile/thread.php...
CVE-2011-3377
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
CVE-2011-3377
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
Design/Logic Flaw
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
CVE-2011-3377
CVE-2011-3377 affects the IcedTea-Web web browser plugin. The vulnerability is a Same Origin Policy bypass in applets whose origin shares the same second-level domain as the target but uses a different sub-domain. Affected are IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4. This bypass can...
CVE-2011-3377
The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x before 1.1.4 allows remote attackers to bypass the Same Origin Policy SOP and execute arbitrary script or establish network connections to unintended hosts via an applet whose origin has the same second-level domain, but a...
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
source: https://www.securityfocus.com/bid/65420/info Singapore Image Gallery is prone to a remote file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain...
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion Cross-Site Scripting
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion Cross-Site Scripting source: https://www.securityfocus.com/bid/65420/info Singapore Image Gallery is prone to a remote file-include vulnerability and a cross-site scripting vulnerability because the application fails to properly sanitize...
Dell KACE K1000 management appliance contains a cross-site scripting vulnerability
Overview Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting XSS vulnerability. CWE-79 Description Dell KACE K1000 management appliance version 5.5.90545, and possibly earlier versions, contains a cross-site scripting XSS...
phpmyfaq -- multiple vulnerabilities
The phpMyFAQ team reports: An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally...
Fortinet FortiOS 5.0.5 contains a reflected cross-site scripting (XSS) vulnerability
Overview Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site scripting vulnerability. CWE-79 Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Fortinet FortiOS 5.0.5, and possibly earlier versions, contains a cross-site...
CVE-2013-6235
Multiple cross-site scripting XSS vulnerabilities in JAMon Java Application Monitor 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 listenertype or 2 currentlistener parameter to mondetail.jsp or ArraySQL parameter to 3 mondetail.jsp, 4 jamonadmin.jsp, 5...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the StackIdeas Komento comkomento component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 website or 2 latitude parameter in a comment to the default URI...
Foro Domus escribir.php email Parameter Cross-Site Scripting - Ver2 (CVE-2006-0110)
A cross-site scripting vulnerability has been reported in Foro Domus. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary script into the affected system...
TinyPHPForum action.php txt Parameter Cross-Site Scripting - Ver2 (CVE-2006-0102)
A cross-site scripting vulnerability has been reported in TinyPHPForum. Successful exploitation of this vulnerability would allow a remote attacker to inject arbitrary script into the affected system...
Mozilla Thunderbird does not adequately restrict HTML elements in email message content
Overview Mozilla Thunderbird does not adequately restrict HTML elements in email content, which could allow an attacker to execute arbitrary script when a specially-crafted email message is forwarded or replied to. Description Vulnerability Lab has reported a vulnerability in the way Mozilla...
Maian Uploader 4.0 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/65137/info Maian Uploader is prone to multiple security vulnerabilities, including: 1. An SQL-injection vulnerability 2. Multiple cross-site scripting vulnerabilities Attackers can exploit these issues to access or modify data, exploit latent...