Lucene search
+L

51 matches found

NVD
NVD
added 2009/03/26 5:51 a.m.15 views

CVE-2009-1070

Cross-site scripting XSS vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter...

4.3CVSS5.8AI score0.01718EPSS
Exploits1References6
Cvelist
Cvelist
added 2009/03/24 7:0 p.m.25 views

CVE-2009-1070

Cross-site scripting XSS vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter...

5.8AI score0.01718EPSS
Exploits1References6
CVE
CVE
added 2009/03/24 7:0 p.m.62 views

CVE-2009-1070

CVE-2009-1070 affects ExpressionEngine CMS. The vulnerability is a Cross-Site Scripting (XSS) in system/index.php, exploitable via the avatar parameter, affecting ExpressionEngine 1.6.4 through 1.6.6 (and possibly earlier versions). The available connected documents confirm the vulnerability vect...

4.3CVSS6AI score0.01718EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2009/03/20 6:30 p.m.16 views

Directory traversal

Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. dot dot in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to 1 an individual user o...

4.6CVSS6.5AI score0.01496EPSS
Exploits0References4Affected Software1
Exploit DB
Exploit DB
added 2008/12/10 12:0 a.m.42 views

Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery

Pro Chat Rooms Version 3.0.2 XSS/CSRF Vulnerabilties AUTHOR : ZynbER MAiL : ZynbERatGmaildotcom HOME : NoWhere Script WebSite : http://www.prochatrooms.com Version : Pro Chat Rooms Version 3.0.2 EXPLOITS : -==XSS==- http://www.yoursite.com/path/profiles/index.php?gud=XSSED Vulnerable code in...

7.4AI score
Exploits0
NVD
NVD
added 2007/07/17 10:30 p.m.18 views

CVE-2007-3838

Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...

2.6CVSS5.6AI score0.0152EPSS
Exploits1References3
Prion
Prion
added 2007/07/17 10:30 p.m.21 views

Cross site scripting

Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance...

4CVSS6AI score0.01105EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2007/07/17 10:0 p.m.23 views

CVE-2007-3838

Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...

5.6AI score0.0152EPSS
Exploits1References3
NVD
NVD
added 2006/05/10 2:14 a.m.12 views

CVE-2006-2282

Cross-site scripting XSS vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php...

4.3CVSS5.8AI score0.01342EPSS
Exploits0References7
CVE
CVE
added 2006/05/09 11:0 p.m.54 views

CVE-2006-2282

The CVE-2006-2282 entry describes an XSS vulnerability in X7 Chat 2.0.2 and earlier where a crafted javascript: URI in the avatar URL (likely related to the avatar parameter in register.php) allows remote attackers to inject arbitrary web script or HTML. Public details include a CVSS v2 base scor...

4.3CVSS5.8AI score0.01342EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2005/03/04 5:0 a.m.26 views

CVE-2005-0629

Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...

5.8AI score0.02127EPSS
Exploits0References6
Rows per page
Query Builder