23 matches found
Spyce 2.1.3 - spyce/examples/automaton.spy Direct Request Error Message Information Disclosure
source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
Spyce 2.1.3 - docsexamplesredirect.spy Multiple Cross-Site Scripting Vulnerabilities
Spyce 2.1.3 - docsexamplesredirect.spy Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/27898/info Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution. An attacker may leverage...
CuteNews <= 1.3.6 Multiple XSS
According to its version number, the remote host is running a version of CuteNews that allows an attacker to inject arbitrary script through the variables 'X-FORWARDED-FOR' or 'CLIENT-IP' when adding a comment. On one hand, an attacker can inject a client-side script to be executed by an...