Community Server - SearchResults.aspx Cross-Site Scripting

Community Server - SearchResults.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/22529/info Community Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22534/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This...

JVN#84430861 Sage vulnerable to arbitrary script execution

Impact An arbitrary script may be executed on Mozilla Firefox. For example, local files could be accessed. Solution Products Affected Sage 1.3.9 and earlier This vulnerability affects Sage++ as well. As of February 9, 2007, Sage++ is no longer available and is no longer being updated. It is...

CVE-2007-0807

Cross-site scripting XSS vulnerability in info.php in flashChat 4.7.8 allows remote attackers to inject arbitrary web script or HTML via a channel title aka room name that is not properly handled by the "who's online" feature...

Adobe ColdFusion 67 - User_Agent Error Page Cross-Site Scripting

Adobe ColdFusion 67 - UserAgent Error Page Cross-Site Scripting source: https://www.securityfocus.com/bid/22401/info Adobe ColdFusion is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker could exploit this vulnerability to...

OpenEMR 2.8.2 - 'Login_Frame.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22348/info OpenEMR is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 LogoffMessage parameter to logofflast.aspx or the 2 txtUsername parameter to Default.aspx. NOTE: The provenance of this informatio...

JVN#80271113 MODx cross-site scripting vulnerability

Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution Products Affected MODx 0.9.2.x and earlier...

Yahoo! Messenger 8.0 - Notification Message HTML Injection

Yahoo! Messenger 8.0 - Notification Message HTML Injection source: https://www.securityfocus.com/bid/22269/info Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

JVN#93700808 Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Impact An arbitrary script could be executed in an inappropriate security zone. Solution Products Affected Sleipnir 2.49 and earlier Portable Sleipnir 2.45 and earlier RSS bar for Sleipnir 1.28 Release3 and earlier...

lmmhi-xss.txt

Login Manager Multiple HTML Injections Login Manager is a powerful, robust system that enables web administrators to manage website user accounts easily, create membership protected areas, and effortlessly prevent unauthorized user access to secured areas. Login Manager 3 “LM3” uses PHP and MySQL...

paypal-inject.txt

Paypal Subscription Manager allows webmaster easily create subscription web site, visitors can access to digital product instantly after paying through Paypal, PSM provides ability to effortlessly process subscription and protect membership areas. PSM uses PHP and MySQL for fast, efficient,...

JVN#95249468 Fresh Reader RSS feed cross-site scripting vulnerability

Impact An arbitrary script could be executed on the web browser of a Fresh Reader user. Solution Products Affected Fresh Reader Ver 1.0.06053100 and earlier For more information, refer to the vendor's website...

JVN#13939411 Drupal cross-site scripting vulnerability

Impact An arbitrary script could be executed on the browser of the user who logged into Drupal. In addition, if session information from a cookie is leaked, a remote attacker could possibly conduct session hijacking. Solution Products Affected Drupal 4.6.10 and earlier Drupal 4.7.4 and earlier...

DT_Guestbook 1.0 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22078/info The 'dtguestbook' program is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...

MediaWiki 1.x - AJAX index.php Cross-Site Scripting

MediaWiki 1.x - AJAX index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...

MediaWiki 1.x - 'AJAX index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...

Adobe Acrobat Reader Plugin 7.0.x - acroreader Cross-Site Scripting

Adobe Acrobat Reader Plugin 7.0.x - acroreader Cross-Site Scripting Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a...

EditTag 1.2 - 'mkpw.pl?plain' Cross-Site Scripting

source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in t...

Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability

Exploit for unknown platform in category remote exploits =================================================================== Adobe Acrobat Reader Plugin = 7.0.x acroreader XSS Vulnerability =================================================================== Stefano Di Paola http://www.wisec.it/...