44 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in 1 index.php and 2 possibly certain other scripts, which is not properly cleansed when accessed from the...
CVE-2005-4193
Cross-site scripting XSS vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $SERVER'PHPSELF' variable...
CVE-2002-1757
PHProjekt 2.0 through 3.1 relies on the $PHPSELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATHINFO portion of the $PHPSELF variable, as demonstrated using...
CVE-2002-1757
PHProjekt 2.0 through 3.1 relies on the $PHPSELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATHINFO portion of the $PHPSELF variable, as demonstrated using...