7612 matches found
JVN#18397171: FeedDemon vulnerable to arbitrary script execution
FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information when using the "feed preview" option. Impact: An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...
Vanilla Forums 2.0.18.4 Tagging Stored XSS
Exploit for php platform in category web applications Title: Vanilla Tagging Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 http://vanillaforums.org/download Create a new thread and post your XSS as tag...
RSSOwl vulnerable to arbitrary script execution
Overview: RSSOwl is vulnerable to arbitrary script execution. RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Daiki Fukumori of Cyber Defense Institute, Inc. reported this...
Sybase EAServer vulnerable to cross-site scripting
Overview: EAServer contains a cross-site scripting vulnerability. EAServer provided by Sybase is an application server. EAServer contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...
JVN#77947437: RSSOwl vulnerable to arbitrary script execution
RSSOwl is an RSS/Atom feed reader. RSSOwl is vulnerable to arbitrary script execution due to the improper processing during HTML page output based on feed information. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the software. Update to the latest version...
Authentication flaw
GR Board (aka grboard) 1.8.6.5 Community Edition does not require authentication for certain database actions, which allows remote attackers to modify or delete data via a request to (1) modrewrite.php, (2) commentwriteok.php, (3) poll/index.php, (4) update/index.php, (5) trackback.php, or (6) an arbitrary...
Ruubikcms 1.1.x - Cross-Site Scripting Information Disclosure Directory Traversal
Ruubikcms 1.1.x - Cross-Site Scripting Information Disclosure Directory Traversal source: https://www.securityfocus.com/bid/53655/info RuubikCMS is prone to multiple cross-site-scripting vulnerabilities, multiple information-disclosure vulnerabilities, and a directory-traversal vulnerability...
pragmaMx 1.12.1 - includeswysiwygspaweditorpluginsimgpopupimg_popup.php?img_url Cross-Site Scripting
pragmaMx 1.12.1 - includeswysiwygspaweditorpluginsimgpopupimgpopup.php?imgurl Cross-Site Scripting source: https://www.securityfocus.com/bid/53669/info PragmaMX is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may...
Yandex.Server 2010 9.0 - text Cross-Site Scripting
Yandex.Server 2010 9.0 - text Cross-Site Scripting source: https://www.securityfocus.com/bid/53622/info Yandex.Server is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code...
PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53648/info phAlbum is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affecte...
multimedia macro allows execution of arbitrary scripts
The multimedia macro in Confluence embeds a SWF without the 'allowScriptAccess' attribute set to 'none'. This allows the embedded user-submitted SWF to execute arbitrary JavaScript on the page, constituting an XSS vulnerability. The multimedia tag is bundled in with the base product and not an...
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53598/info PHP Address Book is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
PHP Address Book 7.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53598/info PHP Address Book is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...
Unijimpe Captcha - captchademo.php Cross-Site Scripting
Unijimpe Captcha - captchademo.php Cross-Site Scripting source: https://www.securityfocus.com/bid/53585/info The Unijimpe Captcha is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Unijimpe Captcha - 'captchademo.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53585/info The Unijimpe Captcha is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
backupDB() 1.2.7a - 'onlyDB' Cross-Site Scripting
source: https://www.securityfocus.com/bid/53575/info backupDB is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
WordPress Plugin Soundcloud Is Gold 2.1 - width Cross-Site Scripting
WordPress Plugin Soundcloud Is Gold 2.1 - width Cross-Site Scripting source: https://www.securityfocus.com/bid/53537/info The Soundcloud Is Gold plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverag...
WordPress Plugin PDF Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin PDF Print Button Joliprint 1.3.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53519/info PDF & Print Button Joliprint plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize...
WordPress Plugin Leaflet Maps Marker 0.0.1 - leaflet_marker.php?id Cross-Site Scripting
WordPress Plugin Leaflet Maps Marker 0.0.1 - leafletmarker.php?id Cross-Site Scripting source: https://www.securityfocus.com/bid/53526/info The Leaflet plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may...
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin 2 Click Social Media Buttons 0.32.2 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/53521/info The 2 Click Social Media Buttons plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly...