6 matches found
CVE-2025-12460
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
Atlassian Confluence 3.0 Cross Site Request Forgery
Product: Confluence Vendor: Atlassian Version: 3.0 / Current Tested Version: 3.4.6 Vendor Notified Date: June 31, 2011 Release Date: September 19, 2012 Risk: Medium Authentication: Depends on configuration. Remote: Yes Description: Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in...
PHP-Nuke 6.x/7.0/7.1 - Image Tag Admin Command Execution
PHP-Nuke 6.x/7.0/7.1 - Image Tag Admin Command Execution source: https://www.securityfocus.com/bid/9895/info It has been reported that PHP-Nuke is prone to a remote admin command execution vulnerability. This issue is due to a design error that allows an attacker to specify arbitrary URI values in...
Internet Explorer modal dialog style cross-site scripting
By using IMG width="0" height="0" style="width: expressionalert;" script may be executed in local zone...
Lycos HTMLGear - guestGear CSS HTML Injection
Lycos HTMLGear - guestGear CSS HTML Injection source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS (Cascading Style-Sheets) elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code ...
Lycos HTMLGear - guestGear CSS HTML Injection
source: https://www.securityfocus.com/bid/5728/info Lycos htmlGEAR guestGEAR does not sanitize HTML from CSS (Cascading Style-Sheets) elements in guestbook fields. An attacker could capitalize on this situation to include arbitrary HTML and script code in guestbook entries, which would be rendere...