5 matches found
Lycos HTMLGear guestGear CSS HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS Cascading Style-Sheets elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in a guestbo...
CVE-2006-2808
Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...
Cross site scripting
Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...
CVE-2006-2808
CVE-2006-2808 is a cross-site scripting vulnerability in Lycos Tripod htmlGEAR guestGEAR (Guest Gear). An attacker can inject arbitrary script via a guestbook post containing a javascript URI in the SRC attribute of a BR element after an extra "iframe" tagname and a double ">", potentially byp...
CVE-2006-2808
Cross-site scripting XSS vulnerability in Lycos Tripod htmlGEAR guestGEAR aka Guest Gear allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element,...