3 matches found
CVE-2003-1554
CVE-2003-1554 corresponds to a cross-site scripting (XSS) vulnerability in ScozNet ScozBook 1.1 BETA. The flaw resides in scozbook/add.php, allowing an attacker to inject arbitrary script/HTML via the 6 parameters: username, useremail, aim, msn, sitename, and siteaddy. The NASL/OSS Nessus entry a...
CVE-2003-1554
Cross-site scripting XSS vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the 1 username, 2 useremail, 3 aim, 4 msn, 5 sitename and 6 siteaddy variables...
ScozBook scozbook/add.php Multiple Parameter XSS
The remote host is running ScozBook This set of CGI has two vulnerabilities : - It is vulnerable to cross-site scripting attacks in add.php - If the user requests view.php with a crafted PG Variable, he will obtain the physical path of the remote CGI An attacker may use these flaws to steal the...