Ziggurat Farsi CMS - 'id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39311/info Ziggurat Farsi CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting

Overview Liferay Portal is vulnerable to persistent cross-site scripting via the ppid parameter, which can allow a remote, unauthenticated attacker to execute arbitrary script in the context of the portal administrator. Description Liferay Portal is a web portal that can provide Java applets that...

PG Matchmaking - 'services.php?show' Cross-Site Scripting

source: https://www.securityfocus.com/bid/35808/info PG Matchmaking is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user...

Claroline 1.8 - trackingcourseLog.php?view Cross-Site Scripting

Claroline 1.8 - trackingcourseLog.php?view Cross-Site Scripting source: https://www.securityfocus.com/bid/30346/info Claroline is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

OpManager 67 - traceRoute.do?name Cross-Site Scripting

OpManager 67 - traceRoute.do?name Cross-Site Scripting source: https://www.securityfocus.com/bid/24767/info OpManager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

CVE-2003-1277

Cross-site scripting XSS vulnerabilities in Yet Another Bulletin Board YaBB 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into 1 newsicon of newstemplate.php, and 2 threadid a...

CVE-2004-2128

Cross-site scripting XSS vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll...

CVE-2005-1193

The bbencodesecondpass and makeclickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a 1 javascript:, 2 applet:, 3 about:, 4 activex:, 5 chrome:, or 6 script: UR...

CVE-2005-1156

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."...

CVE-2004-0347

Cross-site scripting XSS vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 build 4797 allows remote authenticated users to execute arbitrary script as other users via the row parameter...

CVE-2002-0960

Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allows remote attackers to execute arbitrary script as other CBMS users...

CVE-2002-0530

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter...

CVE-2002-0731

The CVE-2002-0731 entry describes a Cross-site scripting vulnerability in the demonstration scripts for vqServer. The issue arises when an attacker can craft a link with script code in the arguments to demo scripts (e.g., respond.pl), enabling remote script execution in the victim’s browser via s...