CVE-2007-4483

Cross-site scripting XSS vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the 1 Blix 0.9.1 and 2 Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4482

Cross-site scripting XSS vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4483

CVE-2007-4483 affects the WordPress Classic theme (1.5) prior to WordPress 2.1.3. The issue is a cross-site scripting (XSS) flaw in index.php via PATH_INFO (PHP_SELF). Impact: remote attackers can inject arbitrary web script or HTML.Remediation: update the WordPress Classic theme (or apply the fi...

CVE-2007-4483

Cross-site scripting XSS vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4483

Cross-site scripting XSS vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4480

CVE-2007-4480 affects the Sirius 1.0 WordPress theme. The vulnerability is a Cross-Site Scripting (XSS) in index.php via PATH_INFO (PHP_SELF), allowing remote attackers to inject arbitrary script/HTML. No exploitation details are provided; remediation is to update the theme (patch/version update ...

CVE-2007-4482

The CVE-2007-4482 entry describes a Cross-site scripting (XSS) vulnerability in the Pool theme for WordPress v1.0.7, exploitable via PATH_INFO (PHP_SELF) in index.php. The vulnerability could allow remote attackers to inject arbitrary web script or HTML. Affected component: Pool theme (WordPress)...

Vulnerability in theme Blix 0.9.1 for WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в темах Blix 0.9.1 и Blix 0.9.1 Rus для WordPress. XSS: http://site/index.php/223E3Cscript3Ealertdocument.cookie3C/script3E Уязвимость связана с недостаточной фильтрацией переменной PHPSELF. Дополнительная информаци...

Vulnerability in theme Pool 1.0.7 for WordPress

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в теме Pool 1.0.7 для WordPress. XSS: http://site/index.php/223E3Cscript3Ealertdocument.cookie3C/script3E Уязвимость связана с недостаточной фильтрацией переменной PHPSELF. Дополнительная информация о данной...

Vulnerability in theme WordPress Classic 1.5

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Cross-Site Scripting уязвимости в теме WordPress Classic 1.5. XSS: http://site/index.php/223E3Cscript3Ealertdocument.cookie3C/script3E Уязвимость связана с недостаточной фильтрацией переменной PHPSELF. Подобная уязвимость ранее уже была найдена в...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, 1 allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHPSELF; and 2 allow remote authenticated administrators to inject arbitrary web script or HTM...

CVE-2007-4064

Multiple cross-site scripting XSS vulnerabilities in Drupal 5.x before 5.2, and 4.7.x before 4.7.7, 1 allow remote attackers to inject arbitrary web script or HTML via "some server variables," including PHPSELF; and 2 allow remote authenticated administrators to inject arbitrary web script or HTM...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF to 1 upgrade-0-2-3.php, 2 upgrade-0-3.php, or 3 upgrade-0-4.php in install/, a different vulnerability than...

CVE-2007-3963

Multiple cross-site scripting XSS vulnerabilities in UseBB 1.0.7, and possibly other 1.0.x versions, allow remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF to 1 upgrade-0-2-3.php, 2 upgrade-0-3.php, or 3 upgrade-0-4.php in install/, a different vulnerability than...

usebb-xss.txt

Script...............: UseBB version: 1.0.7 Script Site..........: http://www.usebb.net Vulnerability........: Cross Site Scripting XSS Acces................: Remote level................: Dangerous Author...............: S4mi Contact..............: s4miatLinuxMail.org The affected Files :...

UseBB 1.0.x Cross Site Scripting (XSS)

Script...............: UseBB version: 1.0.7 Script Site..........: http://www.usebb.net Vulnerability........: Cross Site Scripting XSS Acces................: Remote level................: Dangerous Author...............: S4mi Contact..............: s4miatLinuxMail.org The affected Files :...

CVE-2007-3517

Multiple cross-site scripting XSS vulnerabilities in Claroline 1.8.3 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF to 1 index.php, 2 demo/claroline170/index.php, and possibly other scripts...