280 matches found
Exploit for Code Injection in Ispconfig
CVE-2023-46818 exploit This is a python version of the origin...
ISPConfig 3.2.11 PHP Code Injection
------------------------------------------------------------------------ ISPConfig = 3.2.11 languageedit.php PHP Code Injection Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.ispconfig.org - Affected Versions: Version 3.2.11 and...
X (Formerly Twitter): Cross-Domain Leakage of X Username / UserID due to Dynamically Generated JS File
The vulnerability allowed the retrieval of a user's X username and user ID from a dynamically generated JavaScript file hosted on Twitter. An attacker could force a victim to import the file from a malicious website, bypassing the Same-Origin Policy and exposing the user's sensitive information...
[SECURITY] Fedora 25 Update: php-7.0.25-1.fc25
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
MyBB 1.0.1/1.0.2 Notepad UserCP.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16361/info MyBB is prone to an HTML-injection vulnerability. This issue is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script co...
ScrewTurn Software ScrewTurn Wiki 2.0.x 'System Log' Page HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30429/info ScrewTurn Wiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and...
VBulletin <= 3.6.6 Calendar.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24020/info vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
Elite Forum 1.0 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15257/info Elite Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
PABox 2.0 Post Icon HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12796/info paBox is reportedly affected by a HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The...
PHPOpenChat 3.0.1 - Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12841/info PHPOpenChat is reportedly affected by multiple remote HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically...
CodetoSell ViArt Shop Enterprise 2.1.6 basket.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in...
Oracle Application Server 9i Webcache Cache_dump_file Cross-Site Scripting Vulnerability
No description provided by source. source : http://www.securityfocus.com/bid/13421/info A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input...
WikiNi 0.4.x Waka.PHP Multiple HTML-Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20688/info WikiNi is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. An attacker may leverage these...
SNewsCMS 2.x - 'search.php' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28262/info SNewsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execu...
CheesyBlog 1.0 - Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16376/info CheesyBlog is prone to multiple HTML injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied...
Verylost LostBook 1.1 Message Entry HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10825/info Reportedly Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue is due to a failure of the application to properly validate and sanitize user-supplied...
Beehive Forum 0.6.2 - Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16002/info Beehive Forum is prone to multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
DotNetNuke <= 4.0 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/20117/info DotNetNuke is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
PECL Alternative PHP Cache Local 3 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/32934/info PECL Alternative PHP Cache is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied...
Adobe ColdFusion Server <= 8.0.1 administrator/logviewer/searchlog.cfm startRow Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36046/info Adobe ColdFusion is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...