4048 matches found
AlstraSoft Template Seller Pro 3.25 Fullview.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16233/info Template Seller Pro is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary code in the...
phpMyChat 0.14.5 - 'setup.php3' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28399/info phpMyChat is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Dokeos <= 1.8.4 main/admin/session_list.php cmessage Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...
AlstraSoft Affiliate Network Pro 8.0 merchants/temp.php rowid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/25026/info AlstraSoft Affiliate Network Pro is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting issues and SQL-injection issues. A successful exploit could allow an...
Form Sender 1.0 Processform.PHP3 Failed Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14326/info A cross-site scripting vulnerability affects Form Sender. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically generated Web pages...
News Module for Envolution modules.php Multiple Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15857/info Envolution is prone to multiple input validation vulnerabilities. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft ...
GEDCOM_TO_MYSQL php/prenom.php - Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/29048/info GEDCOMtoMySQL2 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...
AIOCP 1.3.x cp_show_page_help.php Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal...
PerlDiver 2.31 Perldiver.CGI Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14894/info PerlDiver is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...
Apache Tomcat 6.0.10 Documentation Sample Application Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/24058/info Apache Tomcat's documentation web application includes a sample application that is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...
WordPress Trashbin Plugin 0.1 'mtb_undelete' Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/37097/info The Trashbin plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrar...
Oracle Weblogic Server 10.3 'console-help.portal' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35673/info Oracle WebLogic Server is prone to a cross-site scripting vulnerability. An attacker with 'WLS Console Package' privileges can exploit this issue. The attacker may leverage this issue to execute arbitrary scrip...
Qualiteam X-Cart 4.0.8 error_message.php id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13817/info X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. These vulnerabilities could permit remot...
Horde 3.1 'Passwd' Module Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/35573/info The Horde 'Passwd' module is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
SMF 1.1 Index.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/22143/info SMF is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute i...
DieselScripts DieselPay Index.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19623/info DieselPay is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of ...
FireStats WordPress Plugin 1.0.2 Multiple Cross Site Scripting and Authentication Bypass Vulnerabilities (2)
No description provided by source. source: http://www.securityfocus.com/bid/37099/info The FireStats plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An attacker may leverage these issues to gain unauthorized access to the...
Dokeos <= 1.8.4 main/inc/lib/events.lib.inc.php Referer HTTP Header SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/27792/info Dokeos is prone to multiple input-validation vulnerabilities including five SQL-injection issues, one HTML-injection issue, three cross-site scripting issues, and one arbitrary-file-upload issue. Attackers can...
Fizzle 0.5 RSS Feed HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...
JetPhoto 1.0/2.0/2.1 thumbnail.php page Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17449/info JetPhoto is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...