3539 matches found
Flatpress 0.909.1 - Persistent Cross-Site Scripting
Flatpress 0.909.1 - Persistent Cross-Site Scripting Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...
Flatpress 0.909.1 - Persistent Cross-Site Scripting
Title: FlatPress 0.909.1 Stored XSS Vendor: http://www.flatpress.org Dork: "powered by FlatPress" AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability32.htm Thanks:...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in OpenCMS OAMP Comments Module 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the name field in a comment, and other unspecified vectors...
CVE-2009-4505
CVE-2009-4505 concerns the OpenCMS OAMP Comments Module (v1.0.0). The vulnerability arises from unfiltered user input being reflected in comments, enabling cross-site scripting (XSS) across visitors. The Compass Security advisory details exploitability and shows the impact as potential impersonat...
Cross site scripting
Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...
CVE-2010-1107
Cross-site scripting XSS vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."...
CVE-2010-1107
The CVE-2010-1107 entry concerns a Cross-site Scripting (XSS) vulnerability in Drupal’s Recent Comments module for versions 5.x (up to 5.x-1.2) and 6.x (up to 6.x-1.0). The underlying issue allows remote authenticated users to inject arbitrary web script or HTML via the “custom block title interf...
CVE-2009-4505 OpenCMS OAMP Comments Module XSS
COMPASS SECURITY ADVISORY http://www.csnc.ch/ CVE ID : CVE-2009-4505 Product: OpenCMS OAMP Comments Module Vendor: Open Source, Alkacon GmbH Cologne, Germany Subject: Cross-site scripting XSS Risk: High Effect: Anonymously exploitable Author: Cyrill Brunschwiler [email protected] Date:...
CSICE Cross Site Request Forgery / Cross Site Scripting
http://www.csice.org/ Suffers from XSS and CSRF cross site scripting and cross site request forgery attacks. The vulnerability lies in the Post comment filelds in the following page move to this page 'only for authenticated user' http://www.csice.org/student/subjects.html and choose a subject and...
Article Friendly Local File Inclusion
======================================================================= Article friendly Insecure direct object Referece Vulnerability ======================================================================= by Pratul Agrawal Vulnerability found in- Admin module email [email protected] company...
Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)
Tinypug 0.9.5 - Cross-Site Request Forgery Password Change www.BugReport.ir AmnPardaz Security Research Team Title: Tinypug Multiple Vulnerabilities Vendor: http://platformassociates.com/ project hosted at http://code.google.com/p/tinypug/ Vulnerable Version: 0.9.5 and prior versions Exploitation...
Sql injection
SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...
CVE-2009-4650
SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...
CVE-2009-4651
Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...
CVE-2009-4650
The CVE covers a SQL injection vulnerability in the Joomla! extension Webee Comments (com_webeecomment) , affecting versions 1.1.1, 1.2, and 2.0 . The flaw allows remote attackers to inject arbitrary SQL via the articleId parameter in the default action to index2.php , enabling execution of arbit...
CVE-2009-4651
CVE-2009-4651 affects Joomla! through the Webee Comments (com_webeecomment) component versions 1.1.1, 1.2, and 2.0. The root cause is cross-site scripting (XSS) in the way BBCode tags (color, img, url) are processed, allowing remote attackers to inject arbitrary script or HTML via unspecified vec...
CVE-2009-4651
Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...
CVE-2009-4650
SQL injection vulnerability in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the articleId parameter in a default action to index2.php. NOTE: some of these details are obtained from third party informatio...
KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
KosmosBlog 0.9.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery ----------------------------------------------------------------------------------------------- Title: KosmosBlog 0.9.3 SQLi/XSS/CSRF Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com...