70 matches found
FlatNuke 2.5.x - 'help.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13882/info Multiple input validation vulnerabilities reportedly affect FlatNuke. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating Web content...
CVE-2004-1978
The vulnerability is in Moodle (a CMS) prior to version 1.3, in help.php, where a cross‑site scripting (XSS) flaw exists that allows a remote attacker to inject arbitrary HTML/script via the text parameter. Exploitation details are not provided in the primary sources, though OpenVAS entries descr...
Moodle < 1.3.3 'help.php' 'file' Parameter XSS
The version of Moodle running on the remote host is affected by a cross-site scripting vulnerability. Input to the 'file' parameter of 'help.php' is not properly sanitized. A remote attacker can exploit this by tricking a user into requesting a maliciously crafted URL, resulting in stolen...
CVE-2004-0725
Cross-site scripting XSS vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter...
Moodle Help Script 1.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10718/info It is reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content...
Moodle 1.11.2 - Cross-Site Scripting
Moodle 1.11.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/10251/info It has been reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input...
Moodle 1.1/1.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/10251/info It has been reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'help.php' script. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web...
PHP TopSites 2.02.2 - help.php Cross-Site Scripting
PHP TopSites 2.02.2 - help.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6622/info A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cooki...
PHP TopSites 2.0/2.2 - 'help.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6622/info A vulnerability has been discovered in PHP TopSites. Due to invalid sanitization of user-supplied input by the 'help.php' script, it may be possible for an attacker to steal another users cookie information or other sensitive data. This issue ca...
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allows remote attackers to execute script as other web users via 1 addressbook.php, 2 options.php, 3 search.php, or 4 help.php...