PHPPost 1.0 - 'profile.php?user' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15524/info PHP-Post is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...

Litespeed 2.1.5 - ConfMgr.php Cross-Site Scripting

Litespeed 2.1.5 - ConfMgr.php Cross-Site Scripting source: https://www.securityfocus.com/bid/15485/info LiteSpeed Web Server is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15440/info phpwcms is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

PHPWCMS 1.2.5 -DEV - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/15440/info phpwcms is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...

SAP Web Application Server 6.x7.0 - Open Redirection

SAP Web Application Server 6.x7.0 - Open Redirection source: https://www.securityfocus.com/bid/15362/info SAP Web Application Server is reported prone to a remote URI redirection vulnerability. It is reported that an attacker can exploit this issue by supplying the URI of a malicious site through...

CjOverkill trade.php XSS

The remote server runs a version of CjOverkill, a free traffic trading script which is as old as or older than version 4.0.3. The remote version of this software is affected by a cross-site scripting vulnerability in the script 'trade.php'. This issue is due to a failure of the application to...

vBulletin XSS

The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software is vulnerable to a cross-site scripting issue, due to a failure of the application to properly sanitize user-supplied URI input. As a result of this vulnerability, it is...

vBulletin XSS(2)

The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software seems to be prior or equal to version 2.2.9. These versions are vulnerable to a cross-site scripting issue, due to a failure of the application to properly sanitize...

vBulletin XSS(3)

The remote host is running vBulletin, a web based bulletin board system written in PHP. The remote version of this software seems to be prior or equal to version 2.3.5 or 3.0.5. These versions are vulnerable to a cross-site scripting issue, due to a failure of the application to properly sanitize...

CjOverkill trade.php XSS

The remote server runs a version of CjOverkill, a free traffic trading script which is as old as or older than version 4.0.3. The remote version of this software is affected by a cross-site scripting vulnerability in the script SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions...

WackoWiki XSS

The remote host seems to be running the WackoWiki CGI suite and may be vulnerable to a remote authentication attack. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

ICECast XSS

The remote server runs a version of ICECast which is as old as or older than version 1.3.12. This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input. As a resul...

PHPWebThings 0.4.4 - 'forum.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15276/info phpWebThings is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser...

GLSA-200510-24 : Mantis: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200510-24 Mantis: Multiple vulnerabilities Mantis contains several vulnerabilities, including: a remote file inclusion vulnerability a SQL injection vulnerability multiple cross site scripting vulnerabilities multiple information...

Snitz Forum 2000 - post.asp Cross-Site Scripting

Snitz Forum 2000 - post.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/15241/info Snitz Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to ha...

Comersus Backoffice 4.x/5.0/6.0 - '/comersus/database/comersus.mdb' Direct Request Database Disclosure

source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks...

Comersus Backoffice 4.x/5.0/6.0 - 'comersus_Backoffice_supportError.asp?error' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15251/info Comersus BackOfficePlus and BackOfficeLite are prone to multiple input validation and information disclosure vulnerabilities. The applications are prone to SQL injection attacks, information disclosure and multiple cross-site scripting attacks...

PHP Advanced Transfer Manager 1.30 - Remote Unauthorized Access

PHP Advanced Transfer Manager 1.30 - Remote Unauthorized Access source: https://www.securityfocus.com/bid/15237/info PHP Advanced Transfer Manager can allow remote attackers to gain unauthorized access. Access to sensitive files containing authentication credentials is not restricted, therefore a...

ASP Fast Forum - 'error.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15233/info ASP Fast Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the brows...

Flyspray 0.9 - Multiple Cross-Site Scripting Vulnerabilities

Flyspray 0.9 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15209/info Flyspray is prone to multiple cross-site scripting vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input. An attacker may leverage this issue t...