phpBugTracker 0.9 - query.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. Thes...
WebCT Campus Edition 3.84.x - HTML Injection
source: https://www.securityfocus.com/bid/9999/info It has been reported that WebCT Campus Edition may be prone to an HTML injection vulnerability that may allow a remote attacker to execute arbitrary HTML or script code in the browser of an unsuspecti...
Topic Calendar 1.0.1 - Calendar_Scheduler.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/12893/info Topic Calendar is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
CVE-2004-0314
Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter...
CVE-2004-0248
CVE-2004-0248 describes a cross-site scripting (XSS) vulnerability in PHPX 3.2.3. The issue allows remote attackers to run arbitrary script as another user by injecting HTML or script into three inputs: the keywords argument of main.inc.php, the body argument of help.inc.php, or the subject field...
CVE-2004-0337
The CVE-2004-0337 entry documents a cross-site scripting vulnerability in LAN SUITE Web Mail 602Pro. An attacker could craft a URL to index.html with a trailing slash and script payload to execute arbitrary script/HTML as another user. The vendor notes the bug could not be reproduced, leaving unc...
CVE-2004-0337
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be...
CVE-2004-0319
This CVE (CVE-2004-0319) concerns a Cross-site scripting (XSS) vulnerability in ezBoard 7.3u. The underlying issue is within the font tag handling, where attacker-controlled content can be injected via background:url used in a (1) font color or (2) font face argument, allowing remote execution of...
CVE-2004-0251
The CVE-2004-0251 issue affects the web CGI component rxgoogle.cgi. The concrete vulnerability is a Cross-site Scripting (XSS) flaw in the rxgoogle.cgi query parameter, which can allow remote attackers to execute arbitrary script in the context of other users. The available connected records stat...
CVE-2004-0319
Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument...
CVE-2004-0251
Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter...
CVE-2004-0322
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbco...
XMB Forum 1.8 - 'editprofile.php?user' Cross-Site Scripting
source: https://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. An attacker may exploit any one of...
CVE-2003-1347
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field...
CVE-2003-1519
Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine allows remote attackers to inject arbitrary web script or HTML via the query parameter to the search program...
CVE-2003-0712
Cross-site scripting (XSS) vulnerability in the HTML encoding for the Compose New Message form in Microsoft Exchange Server 5.5 Outlook Web Access (OWA) allows remote attackers to execute arbitrary web script...
CVE-2003-1145
Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAutoClassifieds 1.0 allows remote attackers to inject arbitrary web script or HTML via the listing parameter...
Vivisimo Clustering Engine - Search Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/8862/info Vivisimo Clustering Engine has been reported prone to a cross-site scripting vulnerability. The problem occurs due to insufficient sanitization of parameters passed to the search script. As a result, an attacker may be capable of constructing a link design...
CVE-2003-0763
CVE-2003-0763 describes a Cross-site scripting (XSS) vulnerability in the Escapade Scripting Engine (ESP). The issue arises from unsanitized input in the method parameter (demonstrated via the PAGE parameter), enabling remote attackers to inject arbitrary script. Documents indicate the affected c...
CVE-2003-0769
Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestbook (guestbook.html) allows remote attackers to insert arbitrary web script and HTML via the message field...