280 matches found
AZ Bulletin Board 1.0.x/1.1 - 'post.php' HTML Injection
source: https://www.securityfocus.com/bid/16351/info AZbb is prone to HTML-injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed in the...
Bit 5 Blog 8.1 - addcomment.php HTML Injection
source: https://www.securityfocus.com/bid/16246/info Bit 5 Blog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
Bit 5 Blog 8.1 - 'addcomment.php' HTML Injection
source: https://www.securityfocus.com/bid/16246/info Bit 5 Blog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
PHP-Nuke News Submission Story - Text Field Cross-Site Scripting
source: https://www.securityfocus.com/bid/16192/info The PHPNuke Pool and News Modules are prone to an HTML injection vulnerability. This issue is due to a failure in the application modules to properly sanitize user-supplied input...
LiveJournal - Cleanhtml.pl HTML Injection
source: https://www.securityfocus.com/bid/15990/info LiveJournal is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
WebCal 3.0 4 - webcal.cgi Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15917/info WebCal is prone to multiple HTML injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...
Zomplog 3.33.4 - detail.php HTML Injection
source: https://www.securityfocus.com/bid/15168/info Zomplog is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities
The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'register_globals' setting is...
Land Down Under 601/602/700/701/800/801 - events.php HTML Injection
source: https://www.securityfocus.com/bid/14746/info Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamicall...
Land Down Under 601/602/700/701/800/801 - 'events.php' HTML Injection
source: https://www.securityfocus.com/bid/14746/info Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code wou...
Unclassified NewsBoard 1.5.3 - 'Description' HTML Injection
source: https://www.securityfocus.com/bid/14748/info Unclassified NewsBoard is prone to an HTML injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be executed i...
Advanced Guestbook User-Agent Header HTML Injection
The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to properly sanitize the 'HTTP_USER_AGENT' environment variable before using it in dynamically-generated content. An attacker can exploit this flaw to launch cross-site...
Pyrox Search 1.0.5 - Newsearch.php Whatdoreplace Cross-Site Scripting
source: https://www.securityfocus.com/bid/14343/info A cross-site scripting vulnerability affects Pyrox Search. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output ...
Clever Copy 2.0 - calendar.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/14278/info A cross-site scripting vulnerability affects Clever Copy. This issue is due to a failure of the application to properly sanitize user-supplied URI input that will be output in dynamically...
CodetoSell ViArt Shop Enterprise 2.1.6 - 'reviews.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
CodetoSell ViArt Shop Enterprise 2.1.6 - page.php?page Cross-Site Scripting
source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize...
CodetoSell ViArt Shop Enterprise 2.1.6 - products.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13462/info ViArt Shop is affected by multiple cross-site scripting and HTML injection vulnerabilities. These issues are due to a failure in the application...
WebCT Discussion Board 4.1 - HTML Injection
source: https://www.securityfocus.com/bid/13101/info WebCT is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input prior to using it in dynamically generated...
PABox 2.0 - Post Icon HTML Injection
source: https://www.securityfocus.com/bid/12796/info paBox is reportedly affected by an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HTML and script...
Phorum 5.0.14 - Multiple Subject and Attachment HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/12800/info Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. The attacker-supplied HTML...