CVE-2005-0220

The CVE-2005-0220 entry concerns Gallery (affected: Gallery 1.4.4-pl2) with a cross-site scripting vulnerability in login.php where the username field is not properly sanitized. The underlying issue allows remote attackers to inject arbitrary script/HTML via the username parameter, enabling poten...

CVE-2005-0221

Affected software: Gallery 2.0 Alpha (Gallery login.php). Vulnerability: Cross-site scripting (XSS) via g2_form[subject]. Root cause: user-supplied input in login form is not properly sanitized, allowing injection of arbitrary HTML/script. Impact: remote attacker could exploit to run script in a ...

Gallery login.php username Parameter XSS

The version of Gallery hosted on the remote web server is affected by a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input to the 'username' parameter of the 'login.php' script. An attacker could exploit this flaw to inject arbitrary HTML and script code...

CVE-2005-0221

Cross-site scripting XSS vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2formsubject field...

CVE-2004-1507

CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the returnpath parameter and perform HTTP Response Splitting attacks to modify expected HTML content from the server...

CVE-2004-1584

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter...

CVE-2004-1559

Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...

WordPress < 1.2.1 'wp-login.php' HTTP Response Splitting

Binary data 2356.prm...

Multiple XSS Vulnerabilities in Wordpress 1.2

Vendor : Wordpress URL : http://wordpress.org/ Version : Wordpress 1.2 Risk : XSS Description: WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. ... Go to http://wordpress.org/ for detailed information. Cross Site...

WordPress Core 1.2 - &#039;wp-login.php&#039; Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is reported vulnerable, however, other...

WordPress 1.2 - wp-login.php Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - wp-login.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize...

Phorum 5.0.3 Beta && Earlier XSS Issues

Vendor : Phorum URL : http://www.phorum.org Version : Phorum 5.0.3 Beta && Earlier Risk : Cross Site Scripting Description: Phorum is a web based message board written in PHP. Phorum is designed with high-availability and visitor ease of use in mind. Features such as mailing list integration, eas...

Phorum 3.x - login.php HTTP_REFERER Cross-Site Scripting

Phorum 3.x - login.php HTTPREFERER Cross-Site Scripting source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php',...

Phorum 5.0.3 Beta - Cross Site Scripting

Phorum 5.0.3 Beta - Cross Site Scripting Phorum Cross Site Scripting Vendor: Phorum Product: Phorum Version: tag, it will allow for pretty much any thing else, and most of you know it is not hard to execute javascript inside of a tag which is allowed. This same vulnerability also exists in...

Phorum 3.x - profile.php?target Cross-Site Scripting

Phorum 3.x - profile.php?target Cross-Site Scripting source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php',...

Phorum 3.x - &#039;login.php&#039; HTTP_REFERER Cross-Site Scripting

source: https://www.securityfocus.com/bid/9882/info It has been reported that Phorum is prone to a cross-site scripting vulnerability across multiple modules. The issue presents itself across multiple modules including 'login.php', 'register.php', and 'profile.php'. These modules employ two hidde...

CVE-2004-0034

Multiple cross-site scripting XSS vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via 1 the phorumcheckxss function in common.php, 2 the EditError variable in profile.php, and 3 the Error variable in login.php...

CVE-2004-0067

CVE-2004-0067 describes multiple cross-site scripting (XSS) vulnerabilities in phpGedView prior to 2.65. The issue allows remote attackers to inject arbitrary HTML or JavaScript through numerous PHP/WEB pages (e.g., descendancy.php, index.php, individual.php, login.php, relationship.php, source.p...

CVE-2003-1466

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via 1 register.php or 2 login.php...

SudBox Boutique 1.2 - login.php Authentication Bypass

SudBox Boutique 1.2 - login.php Authentication Bypass source: https://www.securityfocus.com/bid/7651/info A vulnerability has been reported for SudBox Boutique. The problem occurs due to insufficient initialization of variables and may allow an unauthorized user to gain authenticate. Specifically...