13 matches found
Mailman -- cross-site scripting in web interface
Secunia reports: Two vulnerabilities have been reported in Mailman, which can be exploited by malicious users to conduct script insertion attacks. Certain input passed via the list descriptions is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary...
EVA-Web <=2.1.2 vuln.
EVA-Web <=2.1.2 vuln. Vuln. discovered by: r0t Date: 27 may 2006 vendor: http://spip-edu.edres74.net/ affected versions: 2.1.2 and prior original advisory: http://pridels.blogspot.com/2006/05/eva-web-212-vuln.html Vuln. Description: EVA-Web contains a flaw that allows a remote cross site scripting...
Net Clubs Pro XSS vuln
Net Clubs Pro XSS vuln Vuln. discovered by: r0t Date: 20 april 2006 vendor: www.aasimedia.com/nc/nc.shtml affected versions: 4.0 and prior original advisory: http://pridels.blogspot.com/2006/04/net-clubs-pro-xss-vuln.html Vuln. Description: Net Clubs Pro contains a flaw that allows a remote cross...
Visale XSS vuln.
Visale XSS vuln. Vuln. discovered by: r0t Date: 19 april 2006 vendor: http://www.visale.com/ affected versions: 1.0 and previous original advisory: http://pridels.blogspot.com/2006/04/visale-xss-vuln.html Vuln. Description: Visale contains a flaw that allows a remote cross site scripting attack. Th...
realestateZONE 4.2 Multiple XSS vuln.
realestateZONE 4.2 Multiple XSS vuln. Vuln. discovered by: r0t Date: 28 march 2006 vendor: http://www.fusionzone.com/applications/realestate/ affected versions: v.4.2 and prior original advisory: http://pridels.blogspot.com/2006/03/realestatezone-42-multiple-xss-vuln.html Vuln. Description:...
BlankOL XSS vuln.
BlankOL XSS vuln. Vuln. discovered by: r0t Date: 27 march 2006 vendor: http://www.blankol.com/ affected versions: 1 and prior original advisory: http://pridels.blogspot.com/2006/03/blankol-xss-vuln.html Vuln. description: BlankOL contains a flaw that allows a remote cross site scripting attack. Thi...
[SA18714] DEV web management system "City/Region" Script Insertion
TITLE: DEV web management system "City/Region" Script Insertion SECUNIA ADVISORY ID: SA18714 VERIFY ADVISORY: http://secunia.com/advisories/18714/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: DEV web management system 1.x http://secunia.com/product/6685/...
[SA18326] Aquifer CMS "Keyword" Cross-Site Scripting Vulnerability
TITLE: Aquifer CMS "Keyword" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA18326 VERIFY ADVISORY: http://secunia.com/advisories/18326/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Aquifer CMS http://secunia.com/product/6752/ DESCRIPTION: Preddy has...
CommonSpot Content Server vuln.
CommonSpot Content Server vuln. Vuln. discovered by: r0t Date: 23 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/commonspot-content-server-vuln.html vendor: http://www.paperthin.com/ affected version: 4.5 and prior Product Description: PaperThin's award-winning technology enables o...
Tangora™ Portal CMS XSS vuln.
Tangora™ Portal CMS XSS vuln. Vuln. discovered by: r0t Date: 21 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/tangora-portal-cms-xss-vuln.html vendor: http://www.tangora.com/ affected version: 4.0 and prior Product Description: Tangora™ Portal CMS makes it easy for small and...
mantis -- "view_filters_page.php" cross-site scripting vulnerability
r0t reports: Mantis contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "targetfield" parameter in "view_filters_page.php" isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL tha...
DRZES HMS 3.2 Multiple vuln.
DRZES HMS 3.2 - Hosting Management System - multiple SQL inj. vuln. and XSS vuln. Vuln. discovered by: r0t Date: 25 nov. 2005 Original advisory: http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html Vendor: http://drzes.com/ affected version: 3.2 and prior Product description: Increase...
flyspray -- cross-site scripting vulnerabilities
A Secunia Advisory reports: Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script...