51 matches found
CVE-2009-1070
Cross-site scripting XSS vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter...
CVE-2009-1070
Cross-site scripting XSS vulnerability in system/index.php in ExpressionEngine 1.6.4 through 1.6.6, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the avatar parameter...
CVE-2009-1070
CVE-2009-1070 affects ExpressionEngine CMS. The vulnerability is a Cross-Site Scripting (XSS) in system/index.php, exploitable via the avatar parameter, affecting ExpressionEngine 1.6.4 through 1.6.6 (and possibly earlier versions). The available connected documents confirm the vulnerability vect...
Directory traversal
Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows remote authenticated users to select an arbitrary local PHP script as an avatar via a .. dot dot in the avatar parameter, and cause other users to execute this script by using sendData.php to send a message to 1 an individual user o...
Pro Chat Rooms 3.0.2 - Cross-Site Scripting / Cross-Site Request Forgery
Pro Chat Rooms Version 3.0.2 XSS/CSRF Vulnerabilties AUTHOR : ZynbER MAiL : ZynbERatGmaildotcom HOME : NoWhere Script WebSite : http://www.prochatrooms.com Version : Pro Chat Rooms Version 3.0.2 EXPLOITS : -==XSS==- http://www.yoursite.com/path/profiles/index.php?gud=XSSED Vulnerable code in...
CVE-2007-3838
Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...
Cross site scripting
Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 010306 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the avatar parameter. NOTE: this may be related to the tracker program in the Janitor package. NOTE: the provenance...
CVE-2007-3838
Cross-site scripting XSS vulnerability in takeprofedit.php in TBDev.NET DR 11-10-05-BETA-SF1:111005 and earlier allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the avatar parameter. NOTE: this may be related to the tracker program in the...
CVE-2006-2282
Cross-site scripting XSS vulnerability in X7 Chat 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the URL of an avatar, possibly related to the avatar parameter in register.php...
CVE-2006-2282
The CVE-2006-2282 entry describes an XSS vulnerability in X7 Chat 2.0.2 and earlier where a crafted javascript: URI in the avatar URL (likely related to the avatar parameter in register.php) allows remote attackers to inject arbitrary web script or HTML. Public details include a CVSS v2 base scor...
CVE-2005-0629
Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...