7613 matches found
Tokyo BBS vulnerable to cross-site scripting
Overview: Tokyo BBS contains a cross-site scripting vulnerability. Tokyo BBS provided by Come on Girls Interface contains a cross-site scripting vulnerability. Naohiko Tsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...
Gramophone - 'rs' Cross-Site Scripting
source: https://www.securityfocus.com/bid/56299/info Gramophone is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Amateur Photographer's Image Gallery - 'plist.php?albumid' SQL Injection
source: https://www.securityfocus.com/bid/56110/info Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure vulnerability because the application fails to sufficiently sanitize user-supplied...
WordPress Plugin Wordfence Security - Cross-Site Scripting
source: https://www.securityfocus.com/bid/56159/info The Wordfence Security plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this iss...
Amateur Photographers Image Gallery - force-download.php?File Information Disclosure
source: https://www.securityfocus.com/bid/56110/info Amateur Photographer's Image Gallery is prone to multiple SQL injection vulnerabilities, a cross-site scripting vulnerability, and an arbitrary file-disclosure...
WordPress Plugin Slideshow - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/56090/info The Slideshow plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
WANem - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/56326/info WANem is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...
WordPress Plugin Crayon Syntax Highlighter - 'wp_load' Remote File Inclusion
source: https://www.securityfocus.com/bid/55919/info The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker to obtain sensitive...
WordPress Plugin Crayon Syntax Highlighter - wp_load Remote File Inclusion
source: https://www.securityfocus.com/bid/55919/info The Crayon Syntax Highlighter plug-in for WordPress is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input...
SA-CONTRIB-2012-149 - Hostip - Cross Site Scripting (XSS)
Hostip enables you to query the http://www.hostip.info/ API to get the country / state information based on the user's IP address or a specific IP passed to it. The module fails to sanitize data retrieved from an untrusted third party source, thereby exposing an arbitrary script injection...
ZenPhoto - admin-news-articles.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/55755/info Zenphoto is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
ZenPhoto - 'admin-news-articles.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/55755/info Zenphoto is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
CVE-2012-5233
Cross-site scripting (XSS) vulnerability in the stickynote module before 7.x-1.1 for Drupal allows remote authenticated users with edit stickynotes privileges to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-5226
Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING 2.8 and 2.9 allow remote attackers to inject arbitrary web script or HTML via the (1) motclef parameter to achat/recherche.php or (2) PATHINFO to index.php...
WordPress Akismet Plugin - Multiple Cross Site Scripting Vulnerabilities
WordPress Akismet plugin is prone to multiple cross-site scripting vulnerabilities. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based...
WordPress Plugin Akismet - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55749/info The Akismet plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may...
WordPress Plugin ABC Test - id Cross-Site Scripting
source: https://www.securityfocus.com/bid/55689/info The ABC Test plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
CVE-2012-0869
Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (FEX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
WordPress Plugin Token Manager - tid Cross-Site Scripting
source: https://www.securityfocus.com/bid/55664/info The Token Manager plugin for WordPress is prone to a cross-site-scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
CVE-2011-5177
Multiple cross-site scripting (XSS) vulnerabilities in admin/controller.php in eSyndiCat Pro 2.3.05 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to the admins (2) blocks, (3) articles, or (4) suggest-category; or (5) sort parameter to the search page...