5 matches found
Crystal Reports Server InfoView logonAction Parameter XSS
The InfoView component included with the Crystal Reports Server install on the remote host contains a JSP script that fails to sanitize user input to the 'logonAction' parameter of its 'logon.jsp' script before using it to generate dynamic HTML output. An attacker may be able to leverage this issue to...
ClarkConnect proxy.php url Parameter XSS
The remote web server is used by ClarkConnect, an Internet server and gateway product, to process PHP scripts used for configuration. The installed version includes a script, '/public/proxy.php', that fails to sanitize user-supplied input to the 'url' parameter before using it to generate dynami...
Resin viewfile Servlet file Parameter XSS
The remote host is running Resin, an application server. The 'viewfile' Servlet included with the version of Resin installed on the remote host fails to sanitize user input to the 'file' parameter before including it in dynamic HTML output. An attacker may be able to leverage this issue to inject...
Xerox DocuShare dsweb Servlet Multiple XSS
The remote host is running DocuShare, a web-based document management application from Xerox. The version of DocuShare installed on the remote host fails to sanitize user input to the 'dsweb' servlet before including it in dynamic HTML output. An attacker may be able to leverage this issue to...
MySQL Eventum index.php email Parameter XSS
The MySQL Eventum install hosted on the remote web server is vulnerable to a cross-site scripting attack because it fails to sanitize user-supplied input to the 'email' parameter of the 'index.php' script before using it to generate dynamic HTML output. With a specially crafted URL, an attacker c...