138 matches found
CVE-2006-3259
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) ep parameter to search.php and the (2) subject parameter in comment.php aka the Subject field when posting a comment...
CVE-2006-3191
Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 allows remote attackers to inject arbitrary web script or HTML via the pageid parameter...
CVE-2006-3191
CVE-2006-3191 describes a Cross-site Scripting (XSS) vulnerability in MPCS 0.2, specifically in comment.php, exploitable via the pageid parameter. The issue allows remote attackers to inject arbitrary web script or HTML. The available sources confirm the affected software (MPCS 0.2) and the vulne...
MPCS v0.2 - XSS
MPCS v0.2 Homepage: http://tpvgames.co.uk/mpcs Affected files: comment.php XSS vuln with cookie & full path disclosure: Direct HTML injection doesn't seem to work, however, if you navigate to the code below in your browser, and then post a comment on the same page, our XSS example will occur...
CVE-2006-2836
CVE-2006-2836 describes a SQL injection vulnerability in Pineapple Technologies Lore, affecting version 1.5.6 and earlier. The flaw resides in comment.php and allows remote attackers to execute arbitrary SQL commands via the article_id parameter. The confirmed impact is partial confidentiality, i...
CVE-2006-1133
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2006-1133
CVE-2006-1133 concerns vbZoom/VBZooM 1.11, where cross-site scripting (XSS) is possible via the UserID parameter passed to comment.php or contact.php. The vulnerability is described as multiple XSS flaws, enabling remote attackers to inject arbitrary script/html. The record notes that the profile...
MPCS 0.2 - 'comment.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/18470/info MPCS is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an...
JPortal Web Portal 2.2.12.3.1 - comment.php SQL Injection
source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitati...
JPortal Web Portal 2.2.1/2.3.1 - 'comment.php' SQL Injection
source: https://www.securityfocus.com/bid/15324/info JPortal is prone to multiple SQL injection vulnerabilities. These are due to a lack of proper sanitization of user-supplied input before being used in an SQL query. Successful exploitation could result in a compromise of the application,...
CVE-2004-2157
The CVE-2004-2157 entry describes a cross-site scripting (XSS) vulnerability in Serendipity 0.7 beta1 (and possibly earlier versions before 0.7-beta3) in the Comment.php component. The flaw allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field, impa...
Geeklog < 1.3.12 comment.php order Parameter SQL Injection
CVE-2005-0485
Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter...
Geeklog 1.3.7 - comment.php?cid Cross-Site Scripting
source: https://www.securityfocus.com/bid/6603/info Geeklog is prone to a cross-site scripting vulnerability in the 'comment.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an...
Geeklog 1.3.7 - 'comment.php?cid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6603/info Geeklog is prone to a cross-site scripting vulnerability in the 'comment.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting...
CVE-2002-0962
Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allow remote attackers to execute arbitrary script via (1) the url variable in the Link field of a calendar event, (2) the topic parameter in index.php, or (3) the title parameter in comment.php...