RazorCMS 1.0 - '/admin/index.php' HTML Injection

source: https://www.securityfocus.com/bid/40373/info razorCMS is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to ste...

NPDS REvolution 10.02 Cross Site Request Forgery

Vulnerability ID: HTB22367 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinnpdsrevolution.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 06 May 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status:...

ocPortal 4.3.2 Cross Site Request Forgery

Vulnerability ID: HTB22369 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinocportal.html Product: ocPortal Vendor: ocProducts Ltd Vulnerable Version: 4.3.2 and Probably Prior Versions Vendor Notification: 05 May 2010 Vulnerability Type: CSRF Cross-Site Request Forgery Status: Not Fixed, Vend...

XSS vulnerability in LiSK CMS

Vulnerability ID: HTB22372 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinproduct.html Product: LiSK CMS Vendor: Createch-group Vulnerable Version: 4.4 Vendor Notification: 05 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed, Vendor Alerted, Awaiting Vendor...

gpEasy CMS 1.6.2 Cross Site Scripting

Vulnerability ID: HTB22370 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingpeasycms.html Product: gpEasy CMS Vendor: gpeasy Vulnerable Version: 1.6.2 and Probably Prior Versions Vendor Notification: 05 May 2010 Vulnerability Type: XSS Cross Site Scripting Status: Fixed by Vendor Ris...

Caucho Technology Resin digest.php Cross Site Scripting Vulnerability

This vulnerability do not need to login.digest.php use the REQUEST method in a wrong way to accept parametersthe malicious user could submit xss code on this page and an attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. exp:...

U.S.Robotics USR5463 0.06 Firmware - 'setup_ddns.exe' HTML Injection

source: https://www.securityfocus.com/bid/40292/info U.S.Robotics USR5463 firmware is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowin...

NPDS REvolution 10.02 - 'admin.php' Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/40331/info NPDS Revolution is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to compromise the affected application, steal cookie-based authentication credentials, perform unauthorized actions, and disclose or modify...

Lisk CMS 4.4 - 'id' Multiple Cross-Site Scripting / SQL Injections

source: https://www.securityfocus.com/bid/40314/info Lisk CMS is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how...

Shopzilla Affiliate Script PHP - search.php Cross-Site Scripting

Shopzilla Affiliate Script PHP - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40246/info Shopzilla Affiliate Script PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

SoftDirec 1.05 - delete_confirm.php Cross-Site Scripting

SoftDirec 1.05 - deleteconfirm.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40269/info SoftDirec is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may...

Caucho Resin Professional 3.1.5 - resin-admindigest.php Multiple Cross-Site Scripting Vulnerabilities

Caucho Resin Professional 3.1.5 - resin-admindigest.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/40251/info Caucho Resin Professional is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize...

SoftDirec 1.05 - 'delete_confirm.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40269/info SoftDirec is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the...

NPDS REvolution 10.02 - download.php Cross-Site Scripting

NPDS REvolution 10.02 - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40227/info NPDS Revolution is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

NPDS REvolution Cross Site Scripting

Vulnerability ID: HTB22363 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinnpds.html Product: NPDS REvolution Vendor: NPDS Vulnerable Version: REvolution 10.02 and Probably Prior Versions Vendor Notification: 29 April 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixe...

Planet Script 1.x - 'idomains.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40203/info Planet Script is prone to a cross-site scripting vulnerability because the it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

NPDS REvolution 10.02 - topic Cross-Site Scripting

NPDS REvolution 10.02 - topic Cross-Site Scripting source: https://www.securityfocus.com/bid/40157/info NPDS Revolution is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute...

TomatoCMS 2.0.x - SQL Injection

source: https://www.securityfocus.com/bid/40108/info TomatoCMS is prone to a SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to compromise the application,...

EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting

EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting source: https://www.securityfocus.com/bid/40037/info EasyPublish CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script...

Advanced Poll 2.0 - 'mysql_host' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40045/info Advanced Poll is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...