27 matches found
EUVD-2004-1649
Malware in sbrugna...
EUVD-2010-1138
Malware in sbrugna...
EUVD-2004-1941
Malware in sbrugna...
EUVD-2009-4471
Malware in sbrugna...
EUVD-2005-2690
Malware in sbrugna...
CVE-2005-2689
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php...
PT-2024-80: Reflected Cross-Site Scripting (XSS) in Netcat CMS (comments module)
The vulnerability was identified in Netcat comments module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...
PT-2024-5690 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to the implementation of the subscribes delete confirm method in the comments module of the Netcat CMS system, which fails to take measures to protect the SQL query...
PT-2024-5669 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: Netcat CMS affected versions not specified Description: The issue is related to the implementation of the get component fields method in the comments module of the Netcat CMS system, which fails to take measures to protect the SQL query...
GHSA-FRM9-7PM9-5RGC SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting
The silverstripe/comments module, the cwp/starter-theme and the cwp/watea-theme include an outdated version of jQuery by default, which contains XSS vulnerabilities if user input is used in certain contexts. Though no known exploit has been found for these in the existing usage, user customisatio...
PT-2024-40277 · Silverstripe · Silverstripe 4 +4
Name of the Vulnerable Software and Affected Versions: silverstripe/comments module affected versions not specified cwp/starter-theme affected versions not specified cwp/watea-theme affected versions not specified SilverStripe 4 versions prior to 4.2.0 CWP versions prior to 2.0.0 Description: The...
in microweber/microweber
Description Sensitive information as part of the error is getting disclosed while viewing comments from "loadmodule:commentssearch=" Proof of Concept 1. Login to https://demo.microweber.org 2. Visit https://demo.microweber.org/demo/admin/view:modules/loadmodule:commentssearch= 3. Now enter anythi...
Code Injection in microweber/microweber
Description: HTML Injection is a vulnerability in which the attacker can inject malicious HTML content in the webpage. Proof of Concept: 1. Admin has enabled Comments module, so that people can comment on a blog post. 2. Attacker posts the following comment: SOMETHING+SOMETHING Now, observe the change...
PostNuke 0.76 RC4b Comments Module moderate Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14635/info PostNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied input. This can lead to theft of cookie-based...
GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. Title: GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities Date: 2012-04-30 References: http://www.vulnerability-lab.com/getcontent.php?id=538 VL-ID: 538 Introduction: GENU is a Content Management System written...
iauto mobile Application 2012 - Multiple Vulnerabilities
Title: iAuto Mobile Application 2012 - Multiple Web Vulnerabilities Date: 2012-07-11 References: http://www.vulnerability-lab.com/getcontent.php?id=658 VL-ID: 658 Common Vulnerability Scoring System: 3.5 Introduction: ...
XSS in CompactCMS
Vulnerability ID: HTB22695 Reference: http://www.htbridge.ch/advisory/xssincompactcms.html Product: CompactCMS Vendor: compactcms.nl (http://www.compactcms.nl/) Vulnerable Version: 1.4.1 Vendor Notification: 04 November 2010 Vulnerability Type: XSS (Cross Site Scripting) Status: Fixed by Vendor Risk...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors...
CVE-2010-1107
The CVE-2010-1107 entry concerns a Cross-site Scripting (XSS) vulnerability in Drupal’s Recent Comments module for versions 5.x (up to 5.x-1.2) and 6.x (up to 6.x-1.0). The underlying issue allows remote authenticated users to inject arbitrary web script or HTML via the “custom block title interf...
CVE-2010-1107
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...