Nagl XOOPS Dictionary Module 1.0 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11064/info Reportedly the XOOPS Dictionary Module by Nagle is affected by multiple cross-site scripting vulnerabilities. This issue is due to a failure of the application to properly sanitize user-supplied URI input. As a result of this issue and attacker...

Powie's PSCRIPT Forum fails to filter user posts

Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...

Hosting Controller Multiple Script Arbitrary Directory Browsing

Binary data 1692.prm...

Mozilla Thunderbird < 2.0.0.22 Multiple Vulnerabilities

Binary data 5001.prm...

CVE-2004-0584

Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting XSS vulnerability...

CVE-2004-0663

Cross-site scripting XSS vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the 1 id parameter to the a privatemessages module; 2 search parameter to the b links and c content modules; and 3 files parameter to the gallery module...

DSA-535 squirrelmail - several vulnerabilities

Bulletin has no description...

CVE-2004-0726

The CVE-2004-0726 entry concerns the Windows Media Player control in Microsoft Windows 2000. Affected component: Windows Media Player control. Vulnerability: remote attackers can cause JavaScript in an ASX filename to be executed within the local computer zone, specifically in a preview panel, le...

Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to...

Imatix Xitami 2.5 - Server-Side Includes Cross-Site Scripting

source: https://www.securityfocus.com/bid/10778/info It is reported that Imatix Xitami is affected by a cross-site scripting vulnerability in the server side includes test script. This issue is due to a failure of the application to properly sanitize user-supplied input. Successful exploitation o...

CVE-2004-0663

CVE-2004-0663 affects PowerPortal 1.x, where a cross-site scripting (XSS) flaw exists in modules.php. The vulnerability enables injection of arbitrary script or HTML via (1) id in the private_messages module, (2) search in the links and content modules, and (3) files in the gallery module. These ...

CVE-2004-0678

Cross-site scripting XSS in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter...

CVE-2004-0660

Cross-site scripting XSS vulnerability in 1 showarchives.php, 2 shownews.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter...

CVE-2004-0606

Cross-site scripting XSS vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the 1 CLIENTID or 2 HOSTNAME option of a DHCP request...

CVE-2004-0584

CVE-2004-0584 refers to an input validation vulnerability in Horde IMP up to version 3.2.3 (and earlier) that can allow remote attackers to inject script via HTML or script in email messages, potentially triggering a cross-site scripting (XSS) condition. Affected software: Horde IMP 3.2.3 and ear...

CVE-2004-1969

The avatar upload capability in Open Bulletin Board OpenBB 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript...

Fusionphp Fusion News 3.6.1 - Cross-Site Scripting

Fusionphp Fusion News 3.6.1 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10203/info An attacker may be capable of executing arbitrary script code in a browser of a target user and within the context of a visited web site. This may potentially lead to theft of cookie based...

ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting

ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...

ProfitCode Software PayProCart 3.0 - AdminShop TaskID Cross-Site Scripting

source: https://www.securityfocus.com/bid/13307/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser o...

phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting

phpBugTracker 0.9 - user.php?bugid Cross-Site Scripting source: https://www.securityfocus.com/bid/10153/info Reportedly phpBugTracker contains multiple input validation vulnerabilities; it is prone to multiple SQL injection, cross-site scripting and HTML injection issues. These issues are all due...