
7613 matches found

CERT
added 2014/01/23 12:0 a.m., 24 views

CS-Cart version 4.0.2 contains cross-site scripting vulnerabilities

Overview: CS-Cart version 4.0.2 and possibly earlier versions contain cross-site scripting (XSS) vulnerabilities (CWE-79). Description: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CS-Cart version 4.0.2 and possibly earlier versions contain cross-site...

CVSS 4.3, AI score 6.4, EPSS 0.01012
Exploits 0, References 3

exploitpack
added 2014/01/22 12:0 a.m., 10 views

Web Video Streamer - Multiple Vulnerabilities

Web Video Streamer - Multiple Vulnerabilities source: https://www.securityfocus.com/bid/65350/info Web Video Streamer is prone to following multiple security vulnerabilities: 1. Multiple cross-site scripting vulnerabilities 2. A directory-traversal vulnerability 3. A command-injection vulnerabili...

AI score 0.4
Exploits 0

Exploit DB
added 2014/01/17 12:0 a.m., 26 views

BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion

source: https://www.securityfocus.com/bid/65019/info bloofoxCMS is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site request forgery vulnerabilities 3. A local file-include vulnerability Exploiting these issues could allow an attacke...

AI score 7.4
Exploits 0

exploitpack
added 2014/01/17 12:0 a.m., 16 views

BloofoxCMS 0.5.0 - fileurl Local File Inclusion

BloofoxCMS 0.5.0 - fileurl Local File Inclusion source: https://www.securityfocus.com/bid/65019/info bloofoxCMS is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site request forgery vulnerabilities 3. A local file-include vulnerabilit...

Exploits 0

exploitpack
added 2014/01/17 12:0 a.m., 17 views

BloofoxCMS - bloofoxindex.php?Username SQL Injection

BloofoxCMS - bloofoxindex.php?Username SQL Injection source: https://www.securityfocus.com/bid/65019/info bloofoxCMS is prone to the following security vulnerabilities: 1. Multiple SQL-injection vulnerabilities 2. Multiple cross-site request forgery vulnerabilities 3. A local file-include...

AI score 0.1
Exploits 0

Cvelist
added 2014/01/16 9:0 p.m., 34 views

CVE-2012-6621

Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.1, 3.1.2, 3.2.3, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Email Address or (2) Custom Permalink Structure fields in admin/settings.php; (3) path parameter to admin/upload.php; (4) err paramet...

AI score 6.1, EPSS 0.01432
Exploits 4, References 7

Prion
added 2014/01/10 12:2 p.m., 9 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCud89431...

CVSS 4.3, AI score 6.1, EPSS 0.01445
Exploits 0, References 5

Exploit DB
added 2014/01/07 12:0 a.m., 33 views

Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection

source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery vulnerability 3. A cross-site scripting vulnerability 4. An information-disclosure...

AI score 7.4
Exploits 0

exploitpack
added 2014/01/07 12:0 a.m., 33 views

Dredge School Administration System - DSMloader.php Cross-Site Request Forgery (Admin Account Manipulation)

Dredge School Administration System - DSMloader.php Cross-Site Request Forgery (Admin Account Manipulation) source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site...

AI score 0.3
Exploits 0

exploitpack
added 2014/01/07 12:0 a.m., 22 views

Dredge School Administration System - DSMloader.php?Id SQL Injection

Dredge School Administration System - DSMloader.php?Id SQL Injection source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery vulnerability 3. A...

AI score 0.3
Exploits 0

exploitpack
added 2014/01/07 12:0 a.m., 19 views

Dredge School Administration System - DSMloader.php Account Information Disclosure

Dredge School Administration System - DSMloader.php Account Information Disclosure source: https://www.securityfocus.com/bid/64720/info Dredge School Administration System is prone to the following security vulnerabilities: 1. An SQL-injection vulnerability 2. A cross-site request forgery...

AI score 7.2
Exploits 0

Japan Vulnerability Notes
added 2013/12/26 12:0 a.m., 28 views

JVN#69700259: HP Autonomy Ultraseek vulnerable to cross-site scripting

HP Autonomy Ultraseek provided by Hewlett-Packard Development Company, L.P. contains an issue in handling specific character encoding, which may result in cross-site scripting. Impact An arbitrary script may be executed on the user's Internet Explorer. Solution Update the Software Update the...

CVSS 3.5, AI score 6.1, EPSS 0.01826
Exploits 0

OpenVAS
added 2013/12/26 12:0 a.m., 25 views

TYPO3 Felogin System Extension Cross Site Scripting Vulnerability

TYPO3 is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3";...

CVSS 4.3, AI score 5.7, EPSS 0.0105
Exploits 0, References 3

Exploit DB
added 2013/12/25 12:0 a.m., 29 views

AFCommerce - 'controlheader.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary...

AI score 7.4
Exploits 0

Exploit DB
added 2013/12/25 12:0 a.m., 31 views

AFCommerce - 'adminpassword.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary...

AI score 7.4
Exploits 0

Exploit DB
added 2013/12/25 12:0 a.m., 26 views

AFCommerce - 'adblock.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentially sensitive information or to execute arbitrary...

AI score 7.4
Exploits 0

exploitpack
added 2013/12/25 12:0 a.m., 12 views

AFCommerce - adblock.php Remote File Inclusion

AFCommerce - adblock.php Remote File Inclusion source: https://www.securityfocus.com/bid/64541/info AFCommerce is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker can exploit these vulnerabilities to obtain potentiall...

AI score 7.5
Exploits 0

Prion
added 2013/12/23 10:55 p.m., 24 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form...

CVSS 4.3, AI score 6.2, EPSS 0.01795
Exploits 0, References 3, Affected Software 1

Exploit DB
added 2013/12/17 12:0 a.m., 19 views

Piwigo - 'admin.php' Cross-Site Request Forgery (User Creation)

source: https://www.securityfocus.com/bid/64357/info Piwigo is prone to cross-site request-forgery and HTML-injection vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain unauthorized actions, execute arbitrary script or HTML code within the context of the...

AI score 7
Exploits 0

OpenVAS
added 2013/12/11 12:0 a.m., 28 views

Zimbra < 7.0.0 LFI Vulnerability - Active Check

Zimbra is prone to a local file include (LFI) vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zimbra:collaboration";...

CVSS 5, AI score 8.8, EPSS 0.86196
Exploits 7, References 3