4774 matches found
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection
source: https://www.securityfocus.com/bid/15218/info Search Enhanced module for PHP-Nuke is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...
RSA ACE Agent 5.x - Image Cross-Site Scripting
source: https://www.securityfocus.com/bid/15206/info RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
Chipmunk Forum - quote.php?forumID Cross-Site Scripting
source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker ma...
Chipmunk Forum - 'newtopic.php?forumID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Chipmunk Forum - 'quote.php?forumID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Xerver 4.17 - Single Dot File Request Source Disclosure
source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to disclose the contents of any Web accessible...
MySource 2.14 - edit_table_props.php?bgcolor Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
MySource 2.14 - edit_table_row_props.php?bgcolor Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker ma...
MySource 2.14 - upgrade_in_progress_backend.php?target_url Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
MySource 2.14 - insert_table.php?bgcolor Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
MySource 2.14 - 'upgrade_in_progress_backend.php?target_url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...
Comersus Backoffice Plus - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15118/info BackOffice Plus is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...
YaPiG 0.95b - view.php?img_size Cross-Site Scripting
source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Cyphor 0.19 - footer.php?t_login Cross-Site Scripting
source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to...
Cyphor 0.19 - 'lostpwd.php?nick' SQL Injection
source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...
Cyphor 0.19 - 'newmsg.php?fid' SQL Injection
source: https://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...
Oracle 9 - XML DB Cross-Site Scripting
source: https://www.securityfocus.com/bid/15034/info Oracle XML DB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Utopia News Pro 1.1.3 - 'header.php?sitetitle' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...
GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200509-16 (Mantis: XSS and SQL injection vulnerabilities). Mantis fails to properly sanitize untrusted input before using it. This leads to a SQL injection and several cross-site scripting vulnerabilities. Impact: An attacker could...
IceWarp Web Mail 5.5.1 - calendar_d.html?createdataCX Cross-Site Scripting
source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...