3502 matches found
CVE-2009-4651
CVE-2009-4651 affects Joomla! through the Webee Comments (com_webeecomment) component versions 1.1.1, 1.2, and 2.0. The root cause is cross-site scripting (XSS) in the way BBCode tags (color, img, url) are processed, allowing remote attackers to inject arbitrary script or HTML via unspecified vec...
CVE-2009-4650
The CVE covers a SQL injection vulnerability in the Joomla! extension Webee Comments (com_webeecomment), affecting versions 1.1.1, 1.2, and 2.0. The flaw allows remote attackers to inject arbitrary SQL via the articleId parameter in the default action to index2.php, enabling execution of arbit...
KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery. Title: KosmosBlog 0.9.3 SQLi/XSS/CSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com...
SA-CONTRIB-2010-008 - Recent Comments - Cross Site Scripting
Recent Comments module provides a high-performance, fully themable block of recent comments. This release includes a fix for a cross-site scripting (XSS) vulnerability in which JavaScript could be inserted in the title of the Recent Comments block via a custom block title interface. This custom tit...
Potential XSS vector in Zend_Filter_StripTags when comments allowed
More info at https://framework.zend.com/security/advisory/ZF2010-03...
WordPress <2.8.2 Cross-Site Scripting Vulnerability in Comments
No description provided by source...
Ez Blog v1.0 (XSS/XSRF) Multiple Vulnerabilities
Exploit for unknown platform in category web applications. Ez Blog v1.0 XSS/XSRF Multiple Vulnerabilities...
oBlog Persistent XSS, CSRF, Admin Bruteforce
No description provided by source. Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip Author of this full disclosure: Milos Zivanovic...
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force
oBlog - Persistent Cross-Site Scripting Cross-Site Request Forgery Admin Brute Force. Application: oBlog Version: the only one there is : Download: http://www.dootzky.com/images/projects/oBlog.zip...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
CVE-2009-4089
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
Authorization
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
EUVD-2009-4060
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php...
Simplog 0.9.3.2 XSS / XSRF
Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog 0.9.3.2 and possibly earlier versions Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download Author Amol Naik amolnaik4atgmail.com Date...
WordPress Plugin Subscribe to Comments 2.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/37105/info The Subscribe to Comments plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the conte...
WordPress Subscribe to Comments Plugin 2.0 - Multiple Cross-Site Scripting Vulnerabilities
The Subscribe to Comments plugin is prone to cross-site scripting. The application fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the context of the affected site. In that way the attacker can steal cookie-based authentication credentials. Ther...
Telepark Wiki v2.4.23 Multiple Remote Vulnerabilities
Exploit for unknown platform in category web applications. Telepark Wiki v2.4.23 Multiple Remote Vulnerabilities. Title : Telepark Wiki Multiple Remote Vulnerabilities Affected Version :...
Simplog v0.9.3.2 Multiple Vulnerabilities
Exploit for unknown platform in category web applications. Simplog v0.9.3.2 Multiple Vulnerabilities. Multiple Vulnerabilities in Simplog v0.9.3.2 Name Multiple vulnerabilities in Simplog Systems Affected Simplog...