XSS in Microsoft SharePoint

Hi! I think this is a XSS in MS SharePoint, you can reproduce it in SharePoint test server using for example following url: http://www.example.com/sharepoint/default.aspx/22;iftruealert22qwertytis This is due a lack of string stripping when putting the path into javascript. It seems to work at...

CVE-2007-1138

Absolute path traversal vulnerability in listmainpages.php in Cromosoft Simple Plantilla PHP SPP allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter...