PHORTAIL 1.2.1 'poster.php' Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/34038/info PHORTAIL is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site...

XRMS 1.99.2 login.php target Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/31008/info XRMS CRM is prone to multiple input-validation vulnerabilities, including an unspecified SQL-injection issue, an HTML-injection issue, and multiple cross-site scripting issues. The vulnerabilities occur because...

TFTgallery 0.13 'sample' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/36898/info TFTgallery is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in th...

efiction 1.0/1.1/2.0 titles.php let Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15568/info eFiction is prone to SQL injection, remote file upload, and cross site scripting vulnerabilities. These vulnerabilities may allow an attacker to view and modify sensitive information, gain unauthorized access,...

DieselPay 1.6 Cross Site Scripting And Directory Traversal Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/37564/info DieselPay is prone to a cross-site scripting vulnerability and a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker could exploit these vulnerabilities ...

Looking Glass Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14680/info Looking Glass is prone to a cross-site scripting vulnerability. This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the software. Other attacks are also possibl...

V3 Chat Instant Messenger - search.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker...

Car Site Manager csm/asp/detail.asp p Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21066/info Car Site Manager is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to stea...

EsContacts 1.0 - search.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/28825/info EsContacts is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. Attackers may leverage these issues to execute arbitrary script code in the browse...

Edimax AR-6004 ADSL Router Management Interface Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9374/info Edimax AR-6004 ADSL Routers are prone to cross-site scripting attacks via the web management interface of affected devices. An attacker could exploit this issue by enticing a victim user to follow a malicious li...

Collaborative Portal Server 3.4 POS Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17774/info Collaborative Portal Server is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...

DRZES HMS 3.2 Login.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15766/info DRZES HMS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...

CubeCart 3.0.x admin/forgot_pass.php user_name Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/20215/info CubeCart is prone to multiple input-validation vulnerabilities, including information-disclosure, cross-site scripting, and SQL-injection issues, because the application fails to properly sanitize user-supplied...

W-Agora 4.2 BBCode Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17751/info W-Agora is prone to a script-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. W-Agora can...

Dick Copits PDEstore 1.8 - Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/15898/info Dick Copits PDEstore is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issu...

Campus Bulletin Board 3.4 - post3/book.asp review Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/29375/info Campus Bulletin Board is prone to multiple input-validation vulnerabilities, including multiple SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied dat...

Manic Web MWGuest 2.1 MWguest.PHP HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17630/info MWGuest is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script cod...

Online Contact Manager 3.0 index.php showGroup Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/34626/info Online Contact Manager is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script...

ScrewTurn Software ScrewTurn Wiki 2.0.x 'System Log' Page HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30429/info ScrewTurn Wiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and...

ActiveNews Manager activenews_view.asp articleID Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/21167/info Active News Manger is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data. Exploitin...