EUVD-2011-5211

Malware in sbrugna...

CVE-2011-5312

Multiple cross-site scripting XSS vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to 1 register.aspx, 2 publication/info.aspx, or 3 user/add.aspx, or 4 the q parameter to product/list.aspx...

CVE-2011-5312

Multiple cross-site scripting XSS vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to 1 register.aspx, 2 publication/info.aspx, or 3 user/add.aspx, or 4 the q parameter to product/list.aspx...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to 1 register.aspx, 2 publication/info.aspx, or 3 user/add.aspx, or 4 the q parameter to product/list.aspx...

CVE-2011-5312

Multiple cross-site scripting XSS vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to 1 register.aspx, 2 publication/info.aspx, or 3 user/add.aspx, or 4 the q parameter to product/list.aspx...

CVE-2011-5312

CVE-2011-5312 describes multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8, allowing remote attackers to inject arbitrary scripts via the returnurl parameter on register.aspx, publication/info.aspx, or user/add.aspx, and via the q parameter on product/list.aspx. The affected pages ...

Gollos 2.8 Cross Site Scripting

==================================== Vulnerability ID: HTB22831 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingollos.html Product: Gollos Vendor: Gollos http://www.gollos.com/ Vulnerable Version: 2.8 and probably prior versions Vendor Notification: 01 February 2011 Vulnerability...

HTB22830: Multiple XSS vulnerabilities in Gollos

Vulnerability ID: HTB22830 Reference: http://www.htbridge.ch/advisory/multiplexssvulnerabilitiesingollos.html Product: Gollos Vendor: Gollos http://www.gollos.com/ Vulnerable Version: 2.8 and probably prior versions Vendor Notification: 01 February 2011 Vulnerability Type: XSS Cross Site Scriptin...

Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities

Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/46379/info Gollos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

HTB22831: XSS vulnerability in Gollos

Vulnerability ID: HTB22831 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingollos.html Product: Gollos Vendor: Gollos http://www.gollos.com/ Vulnerable Version: 2.8 and probably prior versions Vendor Notification: 01 February 2011 Vulnerability Type: XSS Cross Site Scripting Risk...

Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/46379/info Gollos is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Cross-site Scripting (XSS) Vulnerabilities in Gollos

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Gollos which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerabilities in Gollos 1.1 The vulnerability exists due to input sanitation errors in the "returnurl" paramet...