PHPGedView 2.52.6 - Individual.php Cross-Site Scripting

PHPGedView 2.52.6 - Individual.php Cross-Site Scripting source: https://www.securityfocus.com/bid/11882/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This iss...

L-Soft 1.8 - Listserv Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/9307/info Multiple cross-site scripting vulnerabilities have been reported in L-Soft Listserv. An attacker may exploit these issues by embedding hostile HTML and script code in a link to a site hosting the software. This could permit theft of cookie-based...

Psychoblogger PB-beta1 - errormessage Cross-Site Scripting

source: https://www.securityfocus.com/bid/9293/info It has been reported that Psychoblogger may be prone to multiple cross-site scripting vulnerabilities that may allow a remote attacker to execute HTML or script code in a user's browser. The issues are reported to exist in the 'imageview.php',...

My Little Forum 1.3 - 'email.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9286/info my little forum is prone to a cross-site scripting vulnerability in the 'email.php' script. The source of the problem is that HTML and script code are not adequately sanitized from input supplied via the URI parameters. A remote attacker could...

osCommerce 2.2 - manufacturers_id Cross-Site Scripting

osCommerce 2.2 - manufacturersid Cross-Site Scripting source: https://www.securityfocus.com/bid/9277/info A vulnerability has been reported to exist in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of...

Virtual Programming VP-ASP 4/5 - 'shopdisplayproducts.asp' Cross-Site Scripting

source: https://www.securityfocus.com/bid/9164/info A vulnerability has been reported to exist in VP-ASP software that may allow a remote user to launch cross-site scripting attacks. A remote attacker may exploit this issue to potentially execute HTML or script code in the security context of the...

NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting

source: https://www.securityfocus.com/bid/8695/info It has been reported that Null HTTPd is prone to a cross-site scripting vulnerability when displaying error pages that may allow an attacker to execute HTML or script code in a user's browser. The issue was previously reported and fixed BID 5603...

AldWeb MiniPortail 1.92.x - LNG Cross-Site Scripting

AldWeb MiniPortail 1.92.x - LNG Cross-Site Scripting source: https://www.securityfocus.com/bid/8504/info cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code ...

AldWeb MiniPortail 1.9/2.x - 'LNG' Cross-Site Scripting

source: https://www.securityfocus.com/bid/8504/info cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code is not sanitized from a URI parameter passed to...

IdealBB 1.4.9 Beta - HTML Injection

source: https://www.securityfocus.com/bid/8480/info IdealBB is prone to an HTML injection vulnerability. This could permit remote attackers to inject malicious HTML and script code into board messages. The attacker's code may be rendered in the web browser of the user viewing the malicious messag...

Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting

source: https://www.securityfocus.com/bid/8339/info It is possible to create an authentication or access control page, using Dreamweaver MX PHP Authentication Suite. This script will generate an error page that contains dynamic content when a user fails to authenticate correctly to the site. A...

e107 Website System 0.554 - HTML Injection

e107 Website System 0.554 - HTML Injection source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and scri...

Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting

Kerio MailServer 5.6.3 - Web Mail DOMAP Module Cross-Site Scripting source: https://www.securityfocus.com/bid/7968/info Reportedly, Kerio Mailserver is vulnerable to a cross site-scripting attack. The vulnerability is present in the domap module of the Kerio Mailserver web mail component. An...

M-TECH P-Synch 6.2.5 - 'nph-psf.exe?css' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a remote attacker to steal cookie-bas...

M-TECH P-Synch 6.2.5 - 'nph-psa.exe?css' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a remote attacker to steal cookie-bas...

S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities

ID: S21SEC-023-en Title: Multiple Cross Site Scripting vulnerabilities in Vignette Date: 03/04/2003 Status: Vendor contacted and solution available Scope: HTML code Execution in client browsers Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-023-en.txt Release:...

Ocean12 Guestbook XSS

The remote server is running Ocean12 GuestBook, a set of scripts to manage an interactive guestbook. An attacker may use this module to inject malicious HTML code in your site, which may be used to steal users' cookies or to simply annoy them. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

ez Publish Multiple XSS

ezPublish 2.2.7 has a cross-site scripting bug. An attacker may use it to perform a cross-site scripting attack on this host. In addition to this, another flaw may allow an attacker store hostile HTML code on the server side, which will be executed by the browser of the administrative user when h...

Mambo Site Server 4.0.10 - index.php Cross-Site Scripting

Mambo Site Server 4.0.10 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/7135/info Mambo Site Server has been reported prone to a cross-site scripting vulnerability. It has been reported that certain user supplied URI parameters are not sufficiently sanitized by the Mam...

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting source: https://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. A...