4774 matches found
Apache Struts 2.0.0 < 2.2.1.1 - XWork 's:submit' HTML Tag Cross-Site Scripting
source: https://www.securityfocus.com/bid/47784/info Apache Struts is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. Successful exploitation requires 'Dynamic Method Invocation' to be enabled by default. An attacker may leverage this...
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/47790/info Calendarix is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues could allow an attacker to steal...
Calendarix 0.8.20080808 - Multiple Cross-Site Scripting SQL Injections
source: https://www.securityfocus.com/bid/47790/info Calendarix is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied...
encoder 0.4.10 - 'edit.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47755/info encoder is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
encoder 0.4.10 - edit.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/47755/info encoder is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
Request Tracker (RT) 3.6.x < 3.6.11, 3.8.x < 3.8.10 Security Bypass Vulnerability
Request Tracker RT is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PHPDug 2.0.0 - Multiple Vulnerabilities
Vulnerability ID: HTB22971 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinphpdug.html Product: PHPDug Vendor: Kubelabs.com http://www.kubelabs.com/ Vulnerable Version: 2.0.0 and probably prior versions Vendor Notification: 21 April 2011 Vulnerability Type: CSRF Cross-Site Request Forgery Ri...
BMC Dashboards 7.6.01 - Cross-Site Scripting / Information Disclosure
source: https://www.securityfocus.com/bid/47731/info BMC Dashboards is prone to multiple information-disclosure and cross-site scripting issues because the application fails to properly sanitize user-supplied input. A remote attacker may leverage the cross-site scripting issues to execute...
PHP Directory Listing Script 3.1 Cross Site Scripting
Vulnerability ID: HTB22968 Reference: http://www.htbridge.ch/advisory/xssinphpdirectorylistingscript.html Product: PHP Directory Listing Script Vendor: http://www.evoluted.net http://www.evoluted.net Vulnerable Version: 3.1 Vendor Notification: 21 April 2011 Vulnerability Type: XSS Cross Site...
HTB22963: CSRF (Cross-Site Request Forgery) in SelectaPix Image Gallery
Vulnerability ID: HTB22963 Reference: http://www.htbridge.ch/advisory/csrfcrosssiterequestforgeryinselectapiximagegallery.html Product: SelectaPix Image Gallery Vendor: http://www.outofthetrees.co.uk/ http://www.outofthetrees.co.uk/ Vulnerable Version: 1.4.1 Vendor Notification: 19 April 2011...
Web Auction 0.3.6 - lang Cross-Site Scripting
source: https://www.securityfocus.com/bid/47682/info Web Auction is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
YaPiG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47698/info YaPIG is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
SelectaPix 1.4.1 - 'uploadername' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47701/info SelectaPix is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
YaPiG 0.95 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47698/info YaPIG is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
E2 Photo Gallery 0.9 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/47697/info E2 Photo Gallery is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
LDAP Account Manager 3.4.0 - 'selfserviceSaveOk' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47674/info LDAP Account Manager is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...
Kusaba X Multiple Cross Site Scripting Vulnerabilities
Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
HP SiteScope XSS
There is a cross-site scripting vulnerability in this installation of HP SiteScope that may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user. Such script code could steal authentication credentials and be used to launch other attacks.
Atlassian Confluence Multiple Cross Site Scripting Vulnerabilities
Atlassian Confluence is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...
HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities
HP SiteScope is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the contex...