osCommerce 2.2 - '/admin/zones.php?page' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20343/info osCommerce is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attack...

Yblog - tem.php Cross-Site Scripting

Yblog - tem.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute...

Yblog - uss.php Cross-Site Scripting

Yblog - uss.php Cross-Site Scripting source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute...

Yblog - 'tem.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting us...

Yblog - 'funk.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20280/info Yblog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting us...

Interspire FastFind - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20380/info Interspire FastFind is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user...

GLSA-200609-16 : Tikiwiki: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200609-16 Tikiwiki: Arbitrary command execution A vulnerability in jhot.php allows for an unrestricted file upload to the img/wiki/ directory. Additionally, an XSS exists in the highlight parameter of tiki-searchindex.php. Impact ...

Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting

Phoenix Evolution CMS - modulespageeditindex.php?pageid Cross-Site Scripting source: https://www.securityfocus.com/bid/20212/info Phoenix Evolution CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may leverage...

CubeCart 3.0.x - footer.inc.php?la_pow_by Cross-Site Scripting

CubeCart 3.0.x - footer.inc.php?lapowby Cross-Site Scripting source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to...

CubeCart 3.0.x - '/admin/print_order.php?order_id' SQL Injection

source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of...

CubeCart 3.0.x - '/admin/image.php?image' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of...

CubeCart 3.0.x - 'view_doc.php?view_doc' SQL Injection

source: https://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful exploit of...

BirdBlog 1.x - comment.php?entryid Cross-Site Scripting

BirdBlog 1.x - comment.php?entryid Cross-Site Scripting source: https://www.securityfocus.com/bid/20202/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitra...

Photostore - details.php?gid Cross-Site Scripting

Photostore - details.php?gid Cross-Site Scripting source: https://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary...

WWWThreads 5.4 - 'Cat' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/20178/info WWWThreads is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user i...

Photostore - 'details.php?gid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20172/info Photostore is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...

DanPHPSupport 0.5 - 'index.php?page' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20203/info DanPHPSupport is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an...

BirdBlog 1.x - 'user.php?uid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20202/info BirdBlog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting...

Opial AV Download Management 1.0 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20174/info Opial Audio/Visual Download Management is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to have arbitrary script code execute in the browser...

Jamroom 3.0.16 - 'login.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/20162/info Jamroom is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context ...