4774 matches found
Technicolor THOMSON TG585v7 Wireless Router - url Cross-Site Scripting
source: https://www.securityfocus.com/bid/47390/info Technicolor THOMSON TG585v7 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker...
MediaWiki API XSS
A cross-site scripting vulnerability exists in this installation of MediaWiki that allows an attacker to execute arbitrary script code in the browser of an unsuspecting user. Such script code could steal authentication credentials and be used to launch other attacks.
Technicolor THOMSON TG585v7 Wireless Router - 'url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47390/info Technicolor THOMSON TG585v7 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into visiting a malicious...
HTB22917: XSS vulnerabilities in phpCollab
Vulnerability ID: HTB22917 Reference: http://www.htbridge.ch/advisory/xssvulnerabilitiesinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011 Vulnerability Type: Stored XSS Cross...
phpCollab 2.5 XSRF / XSS / Path Disclosure
Vulnerability ID: HTB22918 Reference: http://www.htbridge.ch/advisory/pathdisclosureinphpcollab.html Product: phpCollab Vendor: phpCollab Team http://www.php-collab.org/ Vulnerable Version: 2.5 and probably prior versions Vendor Notification: 24 March 2011...
Maia Mailguard 1.0.2a Cross Site Scripting
BUGUROO SECURITY SYSTEMS ALERT - Advisory: http://buguroo.com/adv/BugurooADV2011-001.txt - Discovered on: March 29th, 2011 - Discovered by: Mario Lopez mlopez at buguroo dot com - Severity: 5/10 1. VULNERABILITY...
vTiger CRM 5.2.1 - 'vtigerservice.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47267/info vtiger CRM is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
TextPattern 4.2 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/47182/info TextPattern is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in...
Redmine 1.0.11.1.1 - projectshg-hellowwordnews Cross-Site Scripting
source: https://www.securityfocus.com/bid/47193/info Redmine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
Redmine 1.0.1/1.1.1 - 'projects/hg-hellowword/news/' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47193/info Redmine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
TextPattern 4.2 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47182/info TextPattern is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...
Eleanor CMS - Cross-Site Scripting / Multiple SQL Injections
source: https://www.securityfocus.com/bid/47164/info Eleanor CMS is prone to a cross-site scripting vulnerability and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to execute arbitrary script co...
Gazelle CMS 1.0 - Cross-Site Scripting / SQL Injection
source: https://www.securityfocus.com/bid/47157/info Anantasoft Gazelle CMS is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or...
Yaws-Wiki 1.88-1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/47158/info Yaws-Wiki is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...
WordPress Plugin Placester 0.1 - 'ajax_action' Cross-Site Scripting
source: https://www.securityfocus.com/bid/47142/info The Placester WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...
Collabtive Multiple Remote Input Validation Vulnerabilities
Collabtive is prone to multiple remote input-validation vulnerabilities including cross-site scripting, HTML-injection, and directory-traversal issues. Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, and steal cookie-based authentication...
AWCM 2.x - search.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/47126/info AWCM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to...
InTerra Blog Machine 1.84 - Cross-Site Scripting
Vulnerability ID: HTB22931 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityininterrablogmachine.html Product: InTerra Blog Machine Vendor: InTerra Blog Machine Team http://code.google.com/p/interra/ Vulnerable Version: 1.84 and probably...
Collabtive 0.6.5 XSS / XSRF / Directory Traversal
Vulnerability ID: HTB22907 Reference: http://www.htbridge.ch/advisory/directorytraversalincollabtive.html Product: Collabtive Vendor: Open Dynamics http://collabtive.o-dyn.de/ Vulnerable Version: 0.6.5 and probably prior versions Vendor Notification: 17 March 2011...
Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/47105/info Collabtive is prone to multiple remote input-validation vulnerabilities including cross-site scripting, HTML-injection, and directory-traversal issues. Attackers can exploit...