6 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...
NDSA20071016.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20071016 Date: 16th October 2007 Author: Tim Brown URL: / Product: SiteBar 3.3.8 Vendor: Ondřej Brablc, David Szego and SiteBar Team Risk: High Summary This advisory comes in 4 related parts: 1 SiteBar application h...
Serious holes affecting SiteBar 3.3.8
All, As a result of a short security audit of SiteBar, a number of security holes were found. The holes included code execution, a malicious redirect and multiple cases of Javascript injection. After liasing with the developers, the holes have been patched. Attached are the advisory and patch...
CVE-2006-3320
Cross-site scripting XSS vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter...
CVE-2006-3320
Cross-site scripting XSS vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter...
CVE-2006-3320
SiteBar 3.3.8 and earlier are affected by a cross‑site scripting (XSS) vulnerability in command.php via the command parameter. The Debian advisory DSA-1130-1 and OpenVAS entries confirm XSS due to missing input validation, with fixes delivered in Debian stable to 3.2.6-7.1 and in sid to 3.3.8-1.1...