280 matches found
ETicket 1.5.5 - Open.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/24681/info eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically...
Ruby on Rails 1.2.3 To_JSON - Script Injection
source: https://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied script code would run in the context of the...
ClonusWiki 0.5 - index.php HTML Injection
source: https://www.securityfocus.com/bid/24101/info ClonusWiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and...
vBulletin 3.6.6 - 'calendar.php' HTML Injection
source: https://www.securityfocus.com/bid/24020/info vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of th...
[SECURITY] Fedora Core 6 Update: php-5.1.6-3.6.fc6
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
Fizzle 0.5 - RSS Feed HTML Injection
source: https://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the...
Nullsoft SHOUTcast 1.9.7 - Logfile HTML Injection
source: https://www.securityfocus.com/bid/22742/info Nullsoft SHOUTcast is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML...
phpBB 2.0.21 - 'privmsg.php' HTML Injection
source: https://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of th...
eTicket 1.5.5 - 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27130/info eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute arbitrar...
PowerMovieList 0.130.14 - Edit User HTML Injection
source: https://www.securityfocus.com/bid/20564/info PowerMovieList is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content...
DotNetNuke 4.0 - HTML Injection
source: https://www.securityfocus.com/bid/20117/info DotNetNuke is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code may execute in the context of...
Sage 1.3.6 - Input Validation
source: https://www.securityfocus.com/bid/19928/info The application is prone to an input-validation vulnerability that allows malicious HTML and script code to be injected before it is used in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of t...
Sage 1.3.x - IMG Element Input Validation
source: https://www.securityfocus.com/bid/21164/info The application is prone to an input-validation vulnerability that allows malicious HTML and script code to be injected before it is used in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of t...
MyBB 1.1.7 - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/19718/info MyBB is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would execute in the context of the...
DieselScripts Job Site - Forgot.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/19622/info Multiple cross-site scripting vulnerabilities affect Job Site because the application fails to properly sanitize user-supplied input before including it in...
YaBBSE 1.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/19460/info A cross-site scripting vulnerability affects YaBBSE because the application fails to properly sanitize user-supplied input before including it in dynamically generated web content. An attacker may leverage this issue to have arbitrary script co...