13 matches found
CVE-2009-4937
Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 allows remote attackers to inject arbitrary web script or HTML via an onmouseover action in an img BBCode tag within a url BBCode tag...
CVE-2009-3803
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the statusmessage parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the statusmessage parameter to (6) forum.php, (7) discussion.php, (8)...
CVE-2009-3803
Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS 5.4.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the statusmessage parameter to (1) /news, (2) /comment, (3) /forum, (4) /blog, and (5) /tags; the statusmessage parameter to (6) forum.php, (7) discussion.php, (8)...
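Coppermine Photo Gallery IMG BBCode HTML Injection Vulnerability
BUGTRAQ ID: 33917 Coppermine is a multi-purpose integrated web image gallery script written in PHP. Coppermine Photo Gallery does not properly filter the bbcode img tags that users submit in HTTP requests; if a user is tricked into visiting a malicious web page, this can lead to the injection and execution of malicious script code. Coppermine Photo Gallery 1.4.x Vendor patch: Coppermine ---------- The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: http://www.chezgreg.net/coppermine/...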
CVE-2006-6741
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag...
CVE-2006-6741
Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag...
CVE-2006-6741
CVE-2006-6741 concerns a CSRF vulnerability in the urlobox component of MKPortal. The issue allows remote attackers to delete arbitrary administrator messages by triggering a delete operation embedded in an img BBcode tag. Affected software is MKPortal (specifically the urlobox feature); underlyi...
CVE-2006-3211
Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook 1.3 and earlier allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...
CVE-2006-3211
The CVE-2006-3211 issue affects cjGuestbook versions 1.3 and earlier, located in sign.php. It is a cross-site scripting (XSS) vulnerability that lets remote attackers inject JavaScript by using a javascript: URI in an img BBCode tag within the comments parameter. Impact is partial integrity compr...
PT-2006-4106 · Unknown · Cjguestbook
Name of the Vulnerable Software and Affected Versions: cjGuestbook versions 1.3 and earlier. Description: The issue concerns a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject Javascript code via a javascript URI in an img bbcode tag in the comments parameter...
CVE-2005-0692
PHP-Fusion 5.x is affected by CVE-2005-0692 due to an XSS vulnerability in fusion_core.php. An attacker can inject arbitrary web script or HTML via a message containing an IMG BBCode that carries character-encoded Javascript, which will execute in the victim’s browser when the malicious BBCode is...
CVE-2005-0692
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript...
CVE-2005-0692
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript...