Design/Logic Flaw

classes/GoogleSpell.php in the PHP Spellchecker aka Google Spellchecker addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote...

CVE-2006-6019

Cross-site scripting XSS vulnerability in extensions/googiespell/googlespellproxy.php in Bill Roberts Bloo 1.0 allows remote attackers to inject arbitrary web script or HTML via the lang parameter...

CVE-2006-6019

CVE-2006-6019 affects Bloo 1.0 (extensions/googiespell/googlespell_proxy.php). The vulnerability is a cross-site scripting (XSS) flaw in the lang parameter, caused by insufficient sanitization, allowing remote attackers to inject arbitrary script in the victim’s browser. Documented impact is clie...

PT-2006-6666 · Bloo · Bloo

Name of the Vulnerable Software and Affected Versions: Bloo version 1.0 Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the lang parameter in the extensions/googiespell/googlespell proxy.php file. Recommendations: For...