330 matches found
427BB 2.x Multiple Remote HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12693/info 427BB is reportedly affected by multiple remote HTML injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in dynamically generated...
Fizzle 0.5 RSS Feed HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23144/info Fizzle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code...
Simple Machines Forum <= 1.1.7 '[url]' Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/33595/info Simple Machines Forum is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML...
Blue Coat Reporter 7.0/7.1 License HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13725/info Blue Coat Reporter is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
sBlog 0.7.2 comments_do.php Multiple Variable POST Method XSS
No description provided by source. source: http://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would be...
MyBloggie 2.1.2/2.1.3 BBCode IMG Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17865/info MyBloggie is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
Ruby on Rails 1.2.3 To_JSON - Script Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/24161/info Ruby on Rails is prone to a script-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied script code...
PHPGuestbook 0.0.2/1.0 HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17537/info phpGuestbook is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scrip...
GWExtranet 3.0 Scp.DLL Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/26582/info GWExtranet is prone to multiple HTML-injection vulnerabilities because the application fails to sufficiently sanitize user-supplied input data before using it in dynamically generated content. Attacker-supplied...
Hackish 1.1 Blocco.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26167/info Hackish is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execut...
Land Down Under 601/602/700/701/800/801 Events.PHP HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14746/info Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
VBulletin <= 3.7.1 - admincp/faq.php Injection adminlog.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/30134/info vBulletin is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script...
OTRS Help Desk Multiple Vulnerabilities
OTRS Help Desk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:otrs:otrs"; if description...
WordPress Plugin Terillion Reviews - Profile Id HTML Injection
source: https://www.securityfocus.com/bid/58415/info The Terillion Reviews plugin for WordPress is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied...
Astaro Security Gateway 8.1 - HTML Injection
source: https://www.securityfocus.com/bid/51301/info Astaro Security Gateway is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of t...
SimpleInvoices invoices Module - Customer Field Cross-Site Scripting
source: https://www.securityfocus.com/bid/56882/info Simple Invoices is prone to multiple HTML-injection vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will...
AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/55589/info AxisInternet VoIP Manager is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues to execute...
Anatomy of a LulzSec Attack 'Singles Out' Web 2.0 Weakness
A new report analyzing a recent attack on a military dating site underscores the need for stronger safeguards on social networks. As part of its Hacker Intelligence Initiative, database and application security provider Imperva deconstructed a March attack by the hacker collective LulzSec on...
WordPress Plugin NewsLetter Manager 1.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/53523/info Newsletter Manager plugin for WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage these issues ...
GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS
GetSimple CMS 3.1 admin/pages.php error Parameter Reflected XSS. CVE-2012-6621. Webapps exploit for php platform source: http://www.securityfocus.com/bid/53501/info GetSimple CMS is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplie...