Satel Lite - Satellite.php Local File Inclusion
source: https://www.securityfocus.com/bid/23143/info Satel Lite is prone to a local file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to access sensitive information...
GLSA-200601-13 : Gallery: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200601-13 Gallery: XSS vulnerability Peter Schumacher discovered that Gallery fails to sanitize the fullname set by users, possibly leading to a cross-site scripting vulnerability. Impact : By setting a specially crafted fullname,...
CVE-2002-1673
The CVE-2002-1673 issue affects Webmin 0.92: the web interface fails to properly quote/filter script code in files shown to the interface, enabling local users to run scripts and potentially steal cookies by inserting script into files or fields such as a real user name entry in /etc/passwd. The ...
CVE-2004-2072
CVE-2004-2072 describes a cross-site scripting (XSS) vulnerability in Mambo Open Source 4.6 (and possibly earlier) via the Itemid parameter in index.php. The underlying issue is a failure to properly sanitize user input in the web application, enabling an attacker to inject script that may run in...
CVE-2003-1203
Cross-site scripting (XSS) vulnerability in index.php for Mambo Site Server 4.0.10 allows remote attackers to execute script on other clients via the ?option parameter...
CVE-2004-1563
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to downloadthread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgotpassword.php...
CVE-2004-1640
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php...
Bandmin 1.4 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/7729/info It has been reported that a cross-site scripting vulnerability exists in Bandmin. Because of this, an attacker may be able to execute script code or HTML in the context of the site hosting Bandmin by enticing a web user to follow a malicious lin...
myPHPNuke 1.8.8 - Default_Theme Cross-Site Scripting
source: https://www.securityfocus.com/bid/6544/info Reportedly, myPHPNuke does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing scrip...
CVE-2002-0948
The CVE-2002-0948 entry concerns Scripts For Educators MakeBook 2.2 CGI, where the (1) Name and (2) Email parameters are not properly filtered. This allows remote attackers to execute arbitrary scripts as other visitors, or to trigger server-side includes (SSI) with the web server context. The NV...
CVE-2002-0504
Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuseApplication parameter to (1) launch.jsp or (2) launch.asp...
CVE-2002-0681
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script...
CVE-2002-0521
ASP-Nuke RC2 and earlier are affected by a cross-site scripting (XSS) vulnerability. The issue arises in multiple input points: downloads.asp (name parameter), Post.asp (message parameter), and profile.asp (web site URL), allowing remote attackers to execute script in a user’s browser and potenti...
CVE-2002-0319
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username...
CVE-2002-0148
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page...
CVE-2002-0118
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag...