Macromedia Dreamweaver MX 6.0 - PHP User Authentication Suite Cross-Site Scripting

source: https://www.securityfocus.com/bid/8339/info It is possible to create an authentication or access control page, using Dreamweaver MX PHP Authentication Suite. This script will generate an error page that contains dynamic content when a user fails to authenticate correctly to the site. A...

e107 Website System 0.554 - HTML Injection

e107 Website System 0.554 - HTML Injection source: https://www.securityfocus.com/bid/8279/info The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and scri...

Kerio MailServer 5.6.3 - Web Mail DO_MAP Module Cross-Site Scripting

Kerio MailServer 5.6.3 - Web Mail DOMAP Module Cross-Site Scripting source: https://www.securityfocus.com/bid/7968/info Reportedly, Kerio Mailserver is vulnerable to a cross site-scripting attack. The vulnerability is present in the domap module of the Kerio Mailserver web mail component. An...

M-TECH P-Synch 6.2.5 - 'nph-psa.exe?css' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a remote attacker to steal cookie-bas...

M-TECH P-Synch 6.2.5 - 'nph-psf.exe?css' Cross-Site Scripting

source: https://www.securityfocus.com/bid/7745/info P-Synch does not adequately filter HTML code from URL parameters, making it prone to cross-site scripting attacks. Code will be executed in the security context of the system running P-Synch. This may enable a remote attacker to steal cookie-bas...

S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities

ID: S21SEC-023-en Title: Multiple Cross Site Scripting vulnerabilities in Vignette Date: 03/04/2003 Status: Vendor contacted and solution available Scope: HTML code Execution in client browsers Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-023-en.txt Release:...

Ocean12 Guestbook XSS

The remote server is running Ocean12 GuestBook, a set of scripts to manage an interactive guestbook. An attacker may use this module to inject malicious HTML code in your site, which may be used to steal users' cookies or to simply annoy them. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

ez Publish Multiple XSS

ezPublish 2.2.7 has a cross-site scripting bug. An attacker may use it to perform a cross-site scripting attack on this host. In addition to this, another flaw may allow an attacker store hostile HTML code on the server side, which will be executed by the browser of the administrative user when h...

Mambo Site Server 4.0.10 - index.php Cross-Site Scripting

Mambo Site Server 4.0.10 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/7135/info Mambo Site Server has been reported prone to a cross-site scripting vulnerability. It has been reported that certain user supplied URI parameters are not sufficiently sanitized by the Mam...

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting

RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting source: https://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. A...

FormMail-Clone - Cross-Site Scripting

source: https://www.securityfocus.com/bid/6570/info FormMail-clone is allegedly prone to cross-site scripting attacks. The FormMail-clone script does not sufficiently sanitize HTML tags and script code. As a result, a remote attacker may construct a malicious link to the script which contains...

Mhonarc 2.5.x - Mail Header HTML Injection

source: https://www.securityfocus.com/bid/6204/info A HTML injection vulnerability has been discovered in Mhonarc. An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the...

Xoops 1.3.5 - Private Message System Font Attributes HTML Injection

Xoops 1.3.5 - Private Message System Font Attributes HTML Injection source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious...

DaCode 1.2 - News Message HTML Injection

DaCode 1.2 - News Message HTML Injection source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when ...

phpWebSite 0.8.3 - News Message HTML Injection

phpWebSite 0.8.3 - News Message HTML Injection source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a...

PHP-Nuke 6.0 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5796/info Problems with PHPNuke could make it possible to execute arbitrary script code in a vulnerable client. PHPNuke does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contai...

DaCode 1.2 - News Message HTML Injection

source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...

XOOPS 1.0 RC3 - HTML Injection

source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user views a message posting that...

XOOPS 1.0 RC3 - HTML Injection

XOOPS 1.0 RC3 - HTML Injection source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user...

SquirrelMail 1.2.6/1.2.7 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/5763/info SquirrelMail is a feature rich webmail program implemented in the PHP4 language. It is available for Linux and Unix based operating systems. Multiple cross site scripting vulnerabilities have been discovered in various PHP scripts included with...