233 matches found
Mambo Open Source 4.5.1 (1.0.9) - Cross-Site Scripting
source: https://www.securityfocus.com/bid/11220/info Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters. An attacker may leverage these issues to execute...
phpScheduleIt 1.0.0 RC1 Multiple XSS
According to its banner, the version of phpScheduleIt on the remote host is earlier than 1.0.0. Such versions are vulnerable to HTML injection issues. For example, an attacker may add malicious HTML and JavaScript code in a schedule page if he has the right to edit the 'Schedule Name' field. This...
php -- strip_tags cross-site scripting vulnerability
Stefan Esser of e-matters discovered that PHP's striptags function would ignore certain characters during parsing of tags, allowing these tags to pass through. Select browsers could then parse these tags, possibly allowing cross-site scripting attacks...
OpenBB 1.0.x - 'index.php?redirect' Cross-Site Scripting
source: https://www.securityfocus.com/bid/10214/info It has been reported that OpenBB is affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied user input. The SQL issues may allow a remote attacker to...
Apache mod_survey crossite scripting
No description provided...
Pegasi Web Server 0.2.2 - Arbitrary File Access
Pegasi Web Server 0.2.2 - Arbitrary File Access source: https://www.securityfocus.com/bid/9847/info Multiple vulnerabilities have been identified in the application that may allow a remote attacker to carry out directory traversal and cross-site scripting attacks. A successful cross-site scriptin...
Novell Netware Enterprise Web Server 5.16.0 SnoopServlet - Information Disclosure
Novell Netware Enterprise Web Server 5.16.0 SnoopServlet - Information Disclosure source: https://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclos...
Novell Netware Enterprise Web Server 5.16.0 - snoop.jsp Information Disclosure
Novell Netware Enterprise Web Server 5.16.0 - snoop.jsp Information Disclosure source: https://www.securityfocus.com/bid/9479/info Multiple vulnerabilities have been identified in Novell Netware Enterprise Web Server that may allow an attacker to carry out cross-site scripting attacks, disclose...
CVE-2003-0981
FreeScripts VisitorBook LE visitorbook.pl logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting XSS attacks...
CVE-2003-0981
FreeScripts VisitorBook LE visitorbook.pl logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting XSS attacks...
Beanwebb's Guestbook 1.0 Multiple Vulnerabilities
The remote host is running Beanwebb's Guestbook. This set of CGIs has two vulnerabilities : - Anyone can access the admin page admin.php - It is vulnerable to cross-site scripting attacks in add.php An attacker may use these flaws to steal the cookies of your users or to inject fake information i...
CVE-2002-0837
wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remote attackers to 1 execute arbitrary code or 2 conduct cross-site scripting attacks via certain parameters possibly "dict" to the wordtrans.php script...
Kerio MailServer 5.05.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities
Kerio MailServer 5.05.1 Web Mail - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/5507/info Reportedly, Kerio Mailserver is vulnerable to cross site scripting attacks. The vulnerability is present in Kerio Mailserver's web mail component. An attacker may...