
518 matches found

seebug.org
added 2014/07/01 12:0 a.m., 6 views

Land Down Under BBCode HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10435/info Land Down Under is prone to an HTML injection vulnerability. This issue is exposed through their BBCode implementation. Exploitation could permit theft of cookie credentials, manipulation of content, or other...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

XMB Forum 1.8 BBcode align Tag XSS

No description provided by source. source: http://www.securityfocus.com/bid/9726/info XMB Forum has been reported prone to multiple cross-site scripting, HTML injection and SQL injection vulnerabilities. The issues present themselves due to insufficient sanitization of remote user supplied data. ...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

Phorum <= 5.2.11 Permanent Cross Site Scripting Vulnerabilities

No description provided by source. //----- Advisory Program : Phorum 5.2.11 and prior Homepage : http://www.phorum.org/ Discovery : 2009/07/16 Author Contacted : 2009/07/17 Found by : CrashFr This Advisory : CrashFr //----- Application description Started in 1998, Phorum was the original PHP and...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 27 views

CLANSPHERE 2010.0 Final Multiple Vulnerabilities

No description provided by source. Vulnerability ID: HTB22694 Reference: http://www.htbridge.ch/advisory/sqlinjectioninclansphere.html Product: CLANSPHERE Vendor: csphere.eu http://www.csphere.eu/ Vulnerable Version: 2010.0 Final Vendor Notification: 02 November 2010 Vulnerability Type: SQL...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 18 views

PHP-Fusion 5.0 BBCode IMG Tag Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12751/info PHP-Fusion is reported prone to a script injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input prior to including it in dynamically generated content. An...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

ASP-DEV XM Forum RC3 IMG Tag Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12958/info XM Forum is reported prone to a script injection vulnerability. An attacker can supply arbitrary HTML and script code through the BBCode IMG tag to trigger this issue and execute arbitrary script code in a user...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Koobi 5.0 BBCode URL Tag Script Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/16078/info Koobi is prone to a script injection vulnerability. An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be abl...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 8 views

eoCMS <= 0.9.03 Remote FIle Include Vulnerability

No description provided by source. Exploit Title: eoCMS = 0.9.03 Remote FIle Include Vulnerability Date: 14-12-2009 Author: 1nd0n3s14n l4m3r Software Link: http://eocms.com/index.php?act=plugin&id=4 Version: N/A Tested on: GNU/LINUX CVE : N/A Code : N/A eoCMS = 0.9.03 Remote FIle Include...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 9 views

PHPX 3.x admin/forums.php CSRF Arbitrary Command Execution

No description provided by source. source: http://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative command...

7.1 AI score
Exploits: 0
NVD
added 2014/04/29 8:55 p.m., 10 views

CVE-2013-1804

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the...

4.3 CVSS, 5.5 AI score, 0.10024 EPSS
Exploits: 0, References: 9
NVD
added 2014/04/25 2:15 p.m., 13 views

CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

4.3 CVSS, 5.6 AI score, 0.0058 EPSS
Exploits: 2, References: 6
UbuntuCve
added 2014/04/25 2:15 p.m., 15 views

CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

4.3 CVSS, 7 AI score, 0.0058 EPSS
Exploits: 2, References: 6
OSV
added 2014/04/25 2:15 p.m., 0 views

UBUNTU-CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

4.3 CVSS, 7 AI score, 0.0058 EPSS
Exploits: 2, References: 7
Prion
added 2014/04/25 2:15 p.m., 13 views

Cross site scripting

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

4.3 CVSS, 5.9 AI score, 0.0058 EPSS
Exploits: 2, References: 6, Affected Software: 1
Cvelist
added 2014/04/25 10:0 a.m., 22 views

CVE-2012-4230

The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the TinyMCE security policy for the (1) encoding directive and (2) valid_elements attribute, which allows attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors, as demonstrated using a textarea element...

7 AI score, 0.0058 EPSS
Exploits: 2, References: 6
CVE
added 2014/04/25 10:0 a.m., 61 views

CVE-2012-4230

CVE-2012-4230 affects the TinyMCE 3.5.8 bbcode plugin, where the plugin does not properly enforce the security policy for two directives: (1) encoding and (2) valid_elements. This misconfiguration allows attackers to perform cross-site scripting (XSS) via application-specific vectors, demonstrate...

4.3 CVSS, 6.8 AI score, 0.0058 EPSS
Exploits: 2, References: 6, Affected Software: 1
Debian CVE
added 2014/04/25 10:0 a.m., 19 views

CVE-2012-4230

Removed by vendor...

4.3 CVSS, 7.5 AI score, 0.0058 EPSS
Exploits: 2
seebug.org
added 2014/03/31 12:0 a.m., 27 views

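Joomla! Kunena Component "[map]" BBCode Script Injection Vulnerability

Joomla! is a content management system that is quite well known abroad. Because input passed through the "map" BBCode parameter when creating a message is not properly filtered in bbcode/bbcode.php, an attacker can exploit the vulnerability to inject and execute arbitrary HTML and script code in a user's browser session, in the context of the affected site, when the malicious data is viewed. 0 Kunena 3.x component for Joomla! Joomla! Kunena version 3.0.5 has fixed this vulnerability; users are advised to download and use it: http://www.kunena.org/blog/135-kunena-3-0-5-released...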

7.1 AI score
Exploits: 0
0day.today
added 2013/05/25 12:0 a.m., 32 views

PHP-fusion v7.02.06 XSRF/CSRF vulnerability

The PHP-Fusion BBCode system contains an XSRF vulnerability which is exploited through the IMG tags. The function that checks a remote image link will output an image as long as it meets the requirements, in this case an image. Check image exists = check file extension is valid for images = if...

7 AI score
Exploits: 0
Packet Storm
added 2013/03/11 12:0 a.m., 47 views

TinyMCE 3.5.8 Cross Site Scripting

Vulnerability Report Author: Justin C. Klein Keane Date: 5 March, 2013 CVE-2012-4230 Description of Vulnerability: ----------------------------- "TinyMCE in itself can not be insecure" http://www.tinymce.com/wiki.php/Security "TinyMCE is a platform independent web based Javascript HTML WYSIWYG...

4.3 CVSS, 7.5 AI score, 0.0058 EPSS
Exploits: 2