Exponent CMS 0.96.5/0.96.6 - 'iconspopup.php?icodir' Traversal Arbitrary Directory Listing
source: https://www.securityfocus.com/bid/23574/info Exponent CMS is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute...
Flowers - 'Cas.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23488/info FloweRS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
MailBee WebMail Pro 3.4 - Check_login.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/23481/info MailBee WebMail Pro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
TuMusika Evolution 1.6 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23452/info TuMusika Evolution is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting...
DotClear 1.2.x - '/tools/thememng/index.php?tool_url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23411/info DotClear is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
DeskPro 2.0.1 - login.php HTML Injection
source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context o...
QuizShock 1.6.1 - auth.php HTML Injection
source: https://www.securityfocus.com/bid/23368/info QuizShock is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the contex...
DeskPro 2.0.1 - 'login.php' HTML Injection
source: https://www.securityfocus.com/bid/23381/info DeskPRO is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing...
PHPwebnews 0.1 - iklan.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/23448/info The 'phpwebnews' package is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
PHPwebnews 0.1 - 'iklan.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23448/info The 'phpwebnews' package is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecti...
NextPage LivePublish 2.02 - LPEXT.dll Cross-Site Scripting
source: https://www.securityfocus.com/bid/23270/info LivePublish is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting
source: https://www.securityfocus.com/bid/23141/info Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
CcCounter 2.0 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23135/info CcCounter is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This...
Mephisto Blog 0.7.3 - Search Function Cross-Site Scripting
source: https://www.securityfocus.com/bid/23141/info Mephisto Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user...
W-Agora 4.2.1 - search.php?search_user Cross-Site Scripting
source: https://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitiz...
W-Agora 4.2.1 - 'profile.php?showuser' Cross-Site Scripting
source: https://www.securityfocus.com/bid/23057/info w-Agora is prone to multiple input-validation vulnerabilities, including possible SQL-injection issues and multiple cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow a...
WordPress 2.1.2 - PHP_Self Cross-Site Scripting
source: https://www.securityfocus.com/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...
PHPX 3.5.153.5.16 - print.php SQL Injection
source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
PHPX 3.5.153.5.16 - users.php SQL Injection
source: https://www.securityfocus.com/bid/23033/info PHPX is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. Exploiting these issues could allow an attacker to steal cookie-based...
DirectAdmin 1.292 - CMD_USER_STATS Cross-Site Scripting
source: https://www.securityfocus.com/bid/22996/info DirectAdmin is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...