Lucene search
K

6 matches found

Prion
Prion
added 2007/10/29 8:46 p.m.21 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in SiteBar 3.3.8 allow remote attackers to inject arbitrary web script or HTML via 1 the lang parameter to integrator.php; 2 the token parameter in a New Password action, 3 the nidacl parameter in a Folder Properties action, or 4 the uid parameter...

4.3CVSS5.7AI score0.04772EPSS
Exploits3References14Affected Software1
Packet Storm
Packet Storm
added 2007/10/22 12:0 a.m.42 views

NDSA20071016.txt

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Nth Dimension Security Advisory NDSA20071016 Date: 16th October 2007 Author: Tim Brown URL: / Product: SiteBar 3.3.8 Vendor: Ondřej Brablc, David Szego and SiteBar Team Risk: High Summary This advisory comes in 4 related parts: 1 SiteBar application h...

9CVSS6.3AI score0.02341EPSS
Exploits2
securityvulns
securityvulns
added 2007/10/20 12:0 a.m.105 views

Serious holes affecting SiteBar 3.3.8

All, As a result of a short security audit of SiteBar, a number of security holes were found. The holes included code execution, a malicious redirect and multiple cases of Javascript injection. After liasing with the developers, the holes have been patched. Attached are the advisory and patch...

9CVSS0.1AI score0.02341EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2006/06/30 1:5 a.m.28 views

CVE-2006-3320

Cross-site scripting XSS vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter...

2.6CVSS6.1AI score0.02031EPSS
Exploits2References1
NVD
NVD
added 2006/06/30 1:5 a.m.23 views

CVE-2006-3320

Cross-site scripting XSS vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter...

2.6CVSS5.7AI score0.02031EPSS
Exploits2References13
CVE
CVE
added 2006/06/30 1:0 a.m.62 views

CVE-2006-3320

SiteBar 3.3.8 and earlier are affected by a cross‑site scripting (XSS) vulnerability in command.php via the command parameter. The Debian advisory DSA-1130-1 and OpenVAS entries confirm XSS due to missing input validation, with fixes delivered in Debian stable to 3.2.6-7.1 and in sid to 3.3.8-1.1...

2.6CVSS5.6AI score0.02031EPSS
Exploits2References13Affected Software1
Rows per page
Query Builder