60 matches found
CVE-2010-3465
Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping Cart 1.5.2.1 and 1.5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to Default.aspx and the (2) type parameter to SearchResults.aspx...
CVE-2008-6644
Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
CVE-2008-6380
CVE-2008-6380 affects Active Web Helpdesk 2.0: SQL injection in default.aspx via the CategoryID parameter that allows remote execution of arbitrary SQL commands. The vulnerability is described in multiple sources (NVD/NVD listing, CVE records). Affected component is the web application code handl...
Unfixed XSS vulnerability at www.spyfaidate.it
Security researcher Mystick submitted on 19/02/2009 a cross-site scripting (XSS) vulnerability affecting www.spyfaidate.it, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/07/2009. It is currently...
Sql injection
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page...
CVE-2008-4364
CVE-2008-4364 describes a SQL injection in ParsaGostar ParsaWeb CMS. The vulnerability affects the default.aspx page, allowing remote attackers to execute arbitrary SQL via the id parameter on the “page” page and the txtSearch parameter on the “Search” page. The associated connected documents con...
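DotNetNuke Default.aspx Cross-Site Scripting Vulnerability
BUGTRAQ ID: 29437. DotNetNuke (DNN) is a free, open-source content management system. The Default.aspx page of DotNetNuke does not properly filter input submitted by users via the URL; a remote attacker can submit a malicious URL request to carry out a cross-site scripting attack. DotNetNuke 4.8.3. DotNetNuke: the vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page to obtain the latest version: http://www.dotnetnuke.com/...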
Unfixed XSS vulnerability at www4.shu.edu.cn
Security researcher DerickTham submitted on 21/12/2007 a cross-site scripting (XSS) vulnerability affecting www4.shu.edu.cn, which at the time of submission ranked 26657 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/01/2008. It is...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO (query string) in "every main page," as demonstrated by default.asp...
CVE-2007-2555
Unspecified vulnerability in Default.aspx in Podium CMS allows remote attackers to have an unknown impact, possibly session fixation, via a META HTTP-EQUIV Set-cookie expression in the id parameter, related to "cookie manipulation." NOTE: this issue might be cross-site scripting (XSS)...
CVE-2007-0583
Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander 6.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) LogoffMessage parameter to logofflast.aspx or the (2) txtUsername parameter to Default.aspx. NOTE: The provenance of this informatio...
CVE-2006-6486
SQL injection vulnerability in EasyPage allows remote attackers to execute arbitrary SQL commands via sptrees/default.aspx, possibly involving the docId parameter. Affects EasyPage (component/context not fully specified); root cause is an injection flaw in the handling of inputs to the page. CVSS...
PT-2006-5716 · Perpetual Motion Interactive Systems · Dotnetnuke
Name of the Vulnerable Software and Affected Versions: Perpetual Motion Interactive Systems DotNetNuke versions prior to 3.3.5; Perpetual Motion Interactive Systems DotNetNuke versions 4.x prior to 4.3.5. Description: A cross-site scripting issue allows remote attackers to inject arbitrary HTML via...
CVE-2006-4862
SQL injection vulnerability in default.aspx in easypage allows remote attackers to execute arbitrary SQL commands via the srch parameter in the Search page...
CVE-2006-4862
CVE-2006-4862: SQL injection in default.aspx of easypage allows remote attackers to execute arbitrary SQL via the srch parameter on the Search page. Affected: easypage, component/entry default.aspx (SQLi). Impact: partial confidentiality, integrity, and availability according to CVSS v2 (base sc...
CVE-2005-4491
Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c)...
Sitekit CMS 6.6 - Default.aspx Multiple Cross-Site Scripting Vulnerabilities
Source: https://www.securityfocus.com/bid/16016/info. Sitekit CMS is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...