35 matches found
Basit 1.0 Submit Module Cross Site Scripting Vulnerability
source: http://www.securityfocus.com/bid/7139/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit th...
ZenPhoto 1.4.0.3 - x-forwarded-for HTTP Header Persistent Cross-Site Scripting
Exploit Title: ZenPhoto 1.4.0.3 patched 2011-4-19 x-forwarded-for HTTP Header persistent XSS Date: 21-4-2011 Author: Saif El-Sherei Software Link: http://zenphoto.googlecode.com/files/zenphoto-1.4.0.3.zip Version: 1.4.0.3 latest updated 2011-4-19 Tested on: FF 3.0.15, IE 8 Info: Zenphoto is an...
Microsoft Internet Explorer 6 - Font Tag Denial of Service
source: https://www.securityfocus.com/bid/11536/info Microsoft Internet Explorer is reported prone to a remote denial of service vulnerability. The issue presents itself due to a malfunction that occurs when certain font tags are...
Verylost LostBook 1.1 - Message Entry HTML Injection
source: https://www.securityfocus.com/bid/10825/info Reportedly Verylost lostBook is affected by an HTML injection vulnerability in its message entry functionality. This issue is due to a failure of the application to properly validate and...
e107 Website System 0.5/0.6 - 'Log.php' HTML Injection
source: https://www.securityfocus.com/bid/10395/info It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input. The problem presents itself when a user supplies malicious HT...
AldWeb MiniPortail 1.9/2.x - 'LNG' Cross-Site Scripting
source: https://www.securityfocus.com/bid/8504/info A cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code is not sanitized from a URI parameter passed to...
AldWeb MiniPortail 1.92.x - LNG Cross-Site Scripting
source: https://www.securityfocus.com/bid/8504/info A cross-site scripting vulnerability has been reported for miniPortail. The vulnerability exists due to insufficient sanitization of some user-supplied values. Specifically, malicious HTML code ...
IdealBB 1.4.9 Beta - HTML Injection
source: https://www.securityfocus.com/bid/8480/info IdealBB is prone to an HTML injection vulnerability. This could permit remote attackers to inject malicious HTML and script code into board messages. The attacker's code may be rendered in the web browser of the user viewing the malicious messag...
Ocean12 Guestbook XSS
The remote server is running Ocean12 GuestBook, a set of scripts to manage an interactive guestbook. An attacker may use this module to inject malicious HTML code in your site, which may be used to steal users' cookies or to simply annoy them. (C) Tenable Network Security, Inc...
Mhonarc 2.5.x - Mail Header HTML Injection
source: https://www.securityfocus.com/bid/6204/info An HTML injection vulnerability has been discovered in Mhonarc. An attacker may exploit this issue by sending a specially constructed email containing malicious HTML code in the header section. When the vulnerable Mhonarc client converts the...
Xoops 1.3.5 - Private Message System Font Attributes HTML Injection
source: https://www.securityfocus.com/bid/6344/info Xoops includes a Private Message System for users, so that they may send messages to one another. HTML tags used for font attributes are not sufficiently filtered of malicious...
phpWebSite 0.8.3 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5802/info Problems with phpWebSite could make it possible to execute arbitrary script code in a vulnerable client. phpWebSite does not sufficiently filter potentially malicious HTML code from news posts. As a...
DaCode 1.2 - News Message HTML Injection
source: https://www.securityfocus.com/bid/5798/info Problems with DaCode could make it possible to execute arbitrary script code in a vulnerable client. DaCode does not sufficiently filter potentially malicious HTML code from news posts. As a result, when a user views a news posting that contains...
XOOPS 1.0 RC3 - HTML Injection
source: https://www.securityfocus.com/bid/5785/info Problems with XOOPS could make it possible to execute arbitrary script code in a vulnerable client. XOOPS does not sufficiently filter potentially malicious HTML code from posted messages. As a result, when a user...
MyHelpDesk 20020509 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4970/info It is reported that MyHelpDesk is vulnerable to cross-site scripting attacks. Attackers may exploit this vulnerability by constructing a link to a vulnerable script, passing malicious HTML code as a value for unsanitized CGI parameters. If the...