Popper Webmail 1.41 - ChildWindow.Inc.php Remote File Inclusion
source: https://www.securityfocus.com/bid/13851/info Popper is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...
[Full-disclosure] XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version))
XSS Bug in Jaws Glossary v 0.4 - 0.5.1 latest version STATUS: The vendor has been contacted, fixed in cvs. Jaws is a Framework and Content Management System for building dynamic web sites. It aims to be User Friendly giving ease of use and lots of ways to customize web sites, but at the same time...
CVE-2004-2128
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...
CVE-2004-2096
Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL...
CVE-2004-2130
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables...
CVE-2004-2115
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request...
BEA WebLogic 7.0/8.1 - Administration Console LoginForm.jsp Cross-Site Scripting
source: https://www.securityfocus.com/bid/13793/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitiz...
BEA WebLogic 7.0/8.1 - Administration Console LoginForm.jsp Cross-Site Scripting
source: https://www.securityfocus.com/bid/13793/info BEA WebLogic Server And WebLogic Express are affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'LoginForm.jsp' script. An attacker may leverage th...
BookReview 1.0 - suggest_category.htm?node Cross-Site Scripting
source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
BookReview 1.0 - add_classification.htm?isbn Cross-Site Scripting
source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker ma...
BookReview 1.0 - 'suggest_review.htm?node' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
BookReview 1.0 - 'add_url.htm?node' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13783/info BookReview is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in...
Groove Virtual Office / Workspace Multiple Vulnerabilities
According to the remote registry, the version of Groove Virtual Office or Groove Workspace on the remote host suffers from multiple vulnerabilities. Some of these flaws may allow for arbitrary script execution, disclosure of sensitive information, and denial of service, all from remote users. C...
CVE-2002-1662
Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Server 4.0.11 allow remote attackers to execute arbitrary script on other clients via (1) search.php and (2) the "Your name" field during account registration...
CVE-2005-1193
The CVE-2005-1193 vulnerability affects phpBB up to version 2.0.14 (before 2.0.15). The bbencode_second_pass and make_clickable functions in bbcode.php fail to filter BBCode URLs, allowing remote attackers to execute arbitrary script via URL schemes such as javascript:, applet:, about:, activex:,...
CVE-2005-1193
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: UR...
Skull-Splitter Guestbook Multiple Field XSS
The remote version of this software is vulnerable to cross-site scripting attacks. Inserting special characters into the subject or message content can cause arbitrary script code execution for third-party users, thus resulting in a loss of integrity of their system. This scri...
CVE-2005-1498
Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) catid, (3) monthno, or (4) postid parameter in index.php, which are not properly sanitized before they are displayed in...
CVE-2004-1969
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...
CVE-2004-1818
CVE-2004-1818 describes a cross-site scripting (XSS) vulnerability in the nmimage.php script of 4nalbum 0.92 running on PHP-Nuke 6.5–7.0. Attackers can inject arbitrary script via the z parameter to execute code in the context of other users. The provided documents do not specify exploit details,...