vBulletin 3.5.4 - Multiple Cross-Site Scripting Vulnerabilities

vBulletin 3.5.4 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/38179/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

VideoDB 3.0.3 - 'login.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/38155/info VideoDB is prone to an cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39941/info ShopEx Single is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Sterlite SAM300 AX Router - Stat_Radio Cross-Site Scripting

Sterlite SAM300 AX Router - StatRadio Cross-Site Scripting source: https://www.securityfocus.com/bid/39928/info The Sterlite SAM300 AX Router is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have...

COMTREND CT-507 IT ADSL Router - scvrtsrv.cmd Cross-Site Scripting

COMTREND CT-507 IT ADSL Router - scvrtsrv.cmd Cross-Site Scripting source: https://www.securityfocus.com/bid/38004/info Comtrend CT-507 IT is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage...

Discuz! 6.0 - 'tid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/37982/info Discuz! is prone to an cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

SAP BusinessObjects 12 - URI redirection / Cross-Site Scripting

source: https://www.securityfocus.com/bid/37972/info SAP BusinessObjects is prone to multiple URI-redirection issues and multiple cross-site scripting issues because it fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary script or HTML code,...

CVE-2008-7253

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and...

Design/Logic Flaw

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and...

CVE-2008-7253

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and...

CVE-2010-0386

CVE-2010-0386 affects Sun Java System Application Server 7 and 7 2004Q2. The default config enables HTTP TRACE, enabling remote attackers to steal cookies and authentication credentials via cross-site tracing (XST); related to CVE-2004-2763 and CVE-2005-3398. The connected documents provide the v...

CVE-2008-7253

The CVE-2008-7253 entry describes a vulnerability in IBM Lotus Domino Server where the default web server configuration enables the HTTP TRACE method (potentially in Domino Server versions 6.0–8.0). This enables an XST-style exposure that could allow remote attackers to steal cookies and authenti...

kloNews 2.0 - cat.php Cross-Site Scripting

kloNews 2.0 - cat.php Cross-Site Scripting source: https://www.securityfocus.com/bid/39987/info kloNews is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browse...

Bits Video Script 2.042.05 - search.php Cross-Site Scripting

Bits Video Script 2.042.05 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40716/info Bits Video Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Serialsystem 1.0.4 Beta - list Cross-Site Scripting

Serialsystem 1.0.4 Beta - list Cross-Site Scripting source: https://www.securityfocus.com/bid/40236/info Serialsystem is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script cod...

Easysitenetwork Jokes Complete Website - searchingred Cross-Site Scripting

Easysitenetwork Jokes Complete Website - searchingred Cross-Site Scripting source: https://www.securityfocus.com/bid/37852/info EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacke...

Easysitenetwork Jokes Complete Website - id Cross-Site Scripting

Easysitenetwork Jokes Complete Website - id Cross-Site Scripting source: https://www.securityfocus.com/bid/37852/info EasySiteNetwork Jokes Complete Website is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...

THELIA 1.4.2.1Multiple Cross-Site Scripting Vulnerabilities

THELIA 1.4.2.1Multiple Cross Site Scripting Vulnerabilities. Webapps exploit for php platform source: http://www.securityfocus.com/bid/37855/info THELIA is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...

Serialsystem 1.0.4 Beta - 'list' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40236/info Serialsystem is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Triburom - 'forum.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40316/info Triburom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...