37 matches found
XSS Vulnerability in AAC - Atlassian ID Display Name is not HTML-encoded on user hover
Raised from https://extranet.atlassian.com/jira/browse/INTSYS-23426...
There is a reflected xss flaw in the settings.action of dailysummary settings.action.
There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...
There is a reflected xss flaw in the settings.action of dailysummary settings.action.
There is a reflected xss flaw in the settings.action of dailysummary settings.action as the username parameter is not html encoded before being rendered on the page. Here is an example of a reflected xss it adds a picture of a lolcat to the page...
WordPress Better WP Security Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit betterwpsecurity 1. Cross-site scripting reflected Summary Severity: High Confidence: Certain Host: http://127.0.0.1 Path: /wp-admin/admin.php?page=betterwpsecurity Issue detail The value of the User-Agent HTTP header is copie...
WordPress Custom Contact Forms Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit Custom Contact Forms 1. Cross-site scripting reflected 1.1. http://127.0.0.1/wp-admin/options-general.php name of an arbitrarily supplied request parameter 1.2. http://127.0.0.1/wp-admin/options-general.php name of an...
WordPress Bad Behavior Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit bad-behavior plugin 1. Cross-site scripting reflected 1.1. http://127.0.0.1/wp-admin/options-general.php %3Cscript%3Ealert1%3C/script%3E parameter 1.2. http://127.0.0.1/wp-admin/options-general.php httpblkey parameter 1.3...
WordPress BulletProof Security Cross Site Scripting
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Wordpress Security audit BulletProof Security 1. Cross-site scripting reflected Summary Severity: High Confidence: Certain Host: http://127.0.0.1 Path: /wp-admin/admin.php?page=bulletproof-security/admin/options.php Issue detail The value of the...
SeaMonkey < 2.2.0 Multiple Vulnerabilities
The installed version of SeaMonkey is earlier than 2.2.0. As such, it is potentially affected by the following security issues : - Errors in the WebGL implementation can allow the loading of WebGL textures from cross-domain images or allow the crash of the application and execution of arbitrary...
CVE-2011-2369
Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity...
Cross site scripting
Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity...
CVE-2011-2369
Cross-site scripting XSS vulnerability in Mozilla Firefox 4.x through 4.0.1 allows remote attackers to inject arbitrary web script or HTML via an SVG element containing an HTML-encoded entity...
Logging event information is not HTML encoded in 500 error page
The Confluence 500 error page lists logging events generated during the request the produced the 500 error page. The strings rendered from this event are not HTML encoded, leaving open a chance for an attacker to exploit this via XSS. I haven't yet investigated to see whether this is actually...
Logging event information is not HTML encoded in 500 error page
The Confluence 500 error page lists logging events generated during the request the produced the 500 error page. The strings rendered from this event are not HTML encoded, leaving open a chance for an attacker to exploit this via XSS. I haven't yet investigated to see whether this is actually...
XSS bug: usernames not HTML-encoded in all places
When signing up for an account, it is possible to enter a username like "fred". Confluence will accept this, and on certain pages, render it as raw HTML to the user, opening the possibility of cross-site scripting XSS attacks. Two places I've spotted the raw HTML so far: - Most prominently, when ...
blsXSS.txt
----------------------------------------------------------------------------------------- Found by: PrOtOn & digi7al64 Date: May 20th 2006 Critical Level: High Type: Multiple Cross Site Scripting XSS vunerabilities...
CVE-2006-2420
Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting XSS attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...
Microsoft MSN Messenger 1 < 4 - Malformed Invite Request Denial of Service
source: https://www.securityfocus.com/bid/4827/info Microsoft's MSN Messenger is an instant messenging client for Windows based machines, based on the Passport system. A vulnerability has been reported in some versions of MSN Messenger. Under some circumstances, it may be possible to crash the...