2 matches found
eTicket 1.5.5 'newticket.php' Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/27130/info eTicket is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverag...
CVE-2007-2801
CVE-2007-2801 affects eTicket 1.5.5 and 1.5.5.1. The issue is a cross-site scripting (XSS) vulnerability in open.php exploitable when PHP register_globals is On, allowing remote attackers to inject script via the err and warn parameters. Root cause is improper handling of user-supplied inputs und...