155 matches found
CVE-2008-0201
CVE-2008-0201 describes a cross-site scripting (XSS) vulnerability in ExpressionEngine 1.2.1 and earlier, where an attacker can inject arbitrary web script/HTML via the URL parameter in index.php. The vulnerability affects ExpressionEngine’s older index.php handling and is triggered by crafted in...
CVE-2008-0202
CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the URL parameter...
CVE-2008-0202
CVE-2008-0202 affects ExpressionEngine 1.2.1 and earlier. A CRLF injection vulnerability in index.php allows remote attackers to inject arbitrary HTTP headers and perform HTTP response splitting via a URL parameter. The NVD entry provides a basic impact assessment: confidentiality impact None, in...
ExpressionEngine 1.2.1 - HTTP Response Splitting Cross-Site Scripting
ExpressionEngine 1.2.1 - HTTP Response Splitting Cross-Site Scripting source: https://www.securityfocus.com/bid/27128/info ExpressionEngine is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An...
ExpressionEngine 1.2.1 - HTTP Response Splitting / Cross-Site Scripting
source: https://www.securityfocus.com/bid/27128/info ExpressionEngine is prone to an HTTP-response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in...
Vulnerability in ExpressionEngine
Здравствуйте 3APA3A! Сообщаю вам о найденной мною HTTP Response Splitting уязвимости в системе ExpressionEngine. Которая может быть использована в частности для проведения Cross-Site Scripting атаки. XSS: Уязвимость в скрипте index.php в параметре URL...
Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. ExpressionEngine: crossite scripting through responese splitting...
Cross site scripting
Cross-site scripting XSS vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTPREFERER referer...
CVE-2006-0461
Cross-site scripting XSS vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTPREFERER referer...
CVE-2006-0461
CVE-2006-0461 : The provided connected documents identify a cross-site scripting (XSS) vulnerability in ExpressionEngine 1.4.1, specifically in the file core.input.php, exploitable via HTTP_REFERER (referer). The vulnerability allows remote attackers to inject arbitrary web script or HTML, potent...
CVE-2006-0461
Cross-site scripting XSS vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTPREFERER referer...
ExpressionEngine-1.4.1.txt
New eVuln Advisory: ExpressionEngine 'Referer' XSS Vulnerability http://evuln.com/vulns/48/summary.html --------------------Summary---------------- Software: ExpressionEngine Sowtware's Web Site: http://www.pmachine.com Versions: 1.4.1 Critical Level: Moderate Type: Cross-Site Scripting Class:...
[eVuln] ExpressionEngine 'Referer' XSS Vulnerability
New eVuln Advisory: ExpressionEngine 'Referer' XSS Vulnerability http://evuln.com/vulns/48/summary.html --------------------Summary---------------- Software: ExpressionEngine Sowtware's Web Site: http://www.pmachine.com Versions: 1.4.1 Critical Level: Moderate Type: Cross-Site Scripting Class:...
PMachine ExpressionEngine 1.4.1 - HTTP Referrer HTML Injection
PMachine ExpressionEngine 1.4.1 - HTTP Referrer HTML Injection source: https://www.securityfocus.com/bid/16377/info ExpressionEngine is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to HTTP 'Referer' header...
PMachine ExpressionEngine 1.4.1 - HTTP Referrer HTML Injection
source: https://www.securityfocus.com/bid/16377/info ExpressionEngine is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to HTTP 'Referer' header before using it in dynamically generated content. Attacker-supplie...