128 matches found
WANem - Multiple Cross-Site Scripting Vulnerabilities
WANem - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/56326/info WANem is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script...
ZenPhoto - admin-news-articles.php Cross-Site Scripting
ZenPhoto - admin-news-articles.php Cross-Site Scripting source: https://www.securityfocus.com/bid/55755/info Zenphoto is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
Omnistar Mailer - Multiple SQL Injections / HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/55760/info Omnistar Mailer is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow an attacker to compromise the application,...
DataWatch Monarch BI v5.1 admin section reflected cross-site scripting
Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a reflected cross-site scripting vulnerability because it fails to sufficientl...
Open Constructor - datafileedit.php?result Cross-Site Scripting
Open Constructor - datafileedit.php?result Cross-Site Scripting source: https://www.securityfocus.com/bid/54822/info Open Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these vulnerabilities could allow an...
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/54773/info Barracuda Email Security Service is prone to multiple HTML-injection vulnerabilities because it fails to properly validate user-supplied input. An attacker may leverage...
WordPress Plugin Knews Multilingual Newsletters - Cross-Site Scripting
source: https://www.securityfocus.com/bid/54330/info Knews Multilingual Newsletters for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
MySQLDumper 1.24.4 - main.php Multiple Cross-Site Request Forgery Vulnerabilities
MySQLDumper 1.24.4 - main.php Multiple Cross-Site Request Forgery Vulnerabilities source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3...
MySQLDumper 1.24.4 - 'install.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53306/info MySQLDumper is prone to multiple security vulnerabilities, including: 1. Multiple cross-site scripting vulnerabilities. 2. A local file-include vulnerability. 3. Multiple cross-site request-forgery vulnerabilities. 4. Multiple...
Fork CMS 3.x - '/backend/modules/error/actions/index.php?parse()' Multiple Error Display Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/52236/info Fork CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrary script cod...
11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
11in1 is prone to a cross-site request-forgery and a local file include vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, and open or run...
Limny 3.0.1 - login.php Script Cross-Site Scripting
Limny 3.0.1 - login.php Script Cross-Site Scripting source: https://www.securityfocus.com/bid/51261/info Limny is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...
WordPress Plugin flash-album-gallery - flagshow.php Cross-Site Scripting
WordPress Plugin flash-album-gallery - flagshow.php Cross-Site Scripting source: https://www.securityfocus.com/bid/51031/info flash-album-gallery plug-in for WordPress is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may...
Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities
Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respectiv...
Manx 1.0.1 - '/admin/admin_blocks.php?Filename' Traversal Arbitrary File Access
source: https://www.securityfocus.com/bid/50839/info Manx is prone to multiple cross-site scripting and directory-traversal vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to execute arbitrary script code in the browser...
WordPress Regular Subscriber Plugin 3.1.x - HTML Injection Vulnerability
WordPress Regular Subscriber plugin is prone to an HTML-injection vulnerability because of failure to sufficiently clean up user-supplied input. It allows an attacker to execute arbitrary script code in the browser in the context of the affected websites. In this way an attacker can steal...
Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting
Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...
S9Y Serendipity Freetag-plugin 3.21 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/48054/info Serendipity Freetag-plugin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting use...
InTerra Blog Machine 1.84 - 'subject' HTML Injection
source: https://www.securityfocus.com/bid/47104/info InTerra Blog Machine is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...
HTB22878: XSS vulnerability in CosmoShop
Vulnerability ID: HTB22878 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincosmoshop.html Product: CosmoShop Vendor: Zaunz Publishing GmbH http://www.cosmoshop.de/ Vulnerable Version: ePRO V10.05.00 Vendor Notification: 24 February 2011 Vulnerability Type: Stored XSS Cross Site...