4774 matches found
PluggedOut CMS 0.4.8 - admin.php Cross-Site Scripting
PluggedOut CMS 0.4.8 - admin.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized acce...
IceWarp Web Mail 5.5.1 - 'calendar_d.html?createdataCX' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...
PluggedOut CMS 0.4.8 - 'contenttypeid' SQL Injection
source: https://www.securityfocus.com/bid/14426/info PluggedOut CMS is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other attacks are also possible...
SquirrelMail 1.4.2 Address Add Plugin - add.php Cross-Site Scripting
SquirrelMail 1.4.2 Address Add Plugin - add.php Cross-Site Scripting source: https://www.securityfocus.com/bid/14973/info SquirrelMail Address Add Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue...
CubeCart 3.0.3 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14962/info CubeCart is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code execut...
vBulletin 1.0.1 lite2.x3.0 - admincpuser.php?email Cross-Site Scripting
vBulletin 1.0.1 lite2.x3.0 - admincpuser.php?email Cross-Site Scripting source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
vBulletin 1.0.1 lite2.x3.0 - admincpmodlog.php?orderby Cross-Site Scripting
vBulletin 1.0.1 lite2.x3.0 - admincpmodlog.php?orderby Cross-Site Scripting source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting
MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting source: https://www.securityfocus.com/bid/14828/info MIVA Merchant 5 is prone to a cross-site scripting vulnerability.This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...
Unclassified NewsBoard 1.5.3 - Description HTML Injection
Unclassified NewsBoard 1.5.3 - Description HTML Injection source: https://www.securityfocus.com/bid/14748/info Unclassified NewsBoard is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content...
Land Down Under 601/602/700/701/800/801 - 'events.php' HTML Injection
source: https://www.securityfocus.com/bid/14746/info Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code wou...
Foojan PHPWeblog - Html Injection
source: https://www.securityfocus.com/bid/14658/info Foojan PHPWeblog is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input. Attacker-supplied HTML and script code would be executed in the context of the affected Web site, potentially...
SaveWebPortal 3.4 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14642/info SaveWebPortal is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
PostNuke 0.76 RC4b - 'user.php?htmltext' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead to theft of cookie-based authentication credentials, as well as oth...
PerlDiver 2.31 - Perldiver.cgi Cross-Site Scripting
PerlDiver 2.31 - Perldiver.cgi Cross-Site Scripting source: https://www.securityfocus.com/bid/14894/info PerlDiver is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
Land Down Under 800 - journal.php?w Cross-Site Scripting
Land Down Under 800 - journal.php?w Cross-Site Scripting source: https://www.securityfocus.com/bid/14619/info Land Down Under is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
PHPFreeNews 1.40 - NewsCategoryForm.php?NewsMode Cross-Site Scripting
PHPFreeNews 1.40 - NewsCategoryForm.php?NewsMode Cross-Site Scripting source: https://www.securityfocus.com/bid/14590/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
Soft4e ECW-Shop 6.0.2 - 'index.php' HTML Injection
source: https://www.securityfocus.com/bid/14579/info ECW Shop is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
ECW Shop 6.0.2 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14578/info ECW Shop is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. This type of exploitation could allow for theft of cookie-based authentication credentials; other attacks are...
My Image Gallery 1.4.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14570/info My Image Gallery is prone to multiple cross-site scripting vulnerabilities due to improper sanitization of user-supplied input. An attacker can exploit these vulnerabilities to inject html and script code into the Web browser of an unsuspecting...
VegaDNS 0.8.1/0.9.8/0.9.9 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14538/info VegaDNS is vulnerable to cross-site scripting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...