348 matches found
CVE-2007-3517
CVE-2007-3517 covers multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3. An attacker can inject arbitrary web script or HTML by supplying malicious content through PATH_INFO (PHP_SELF) to scripts such as index.php and demo/claroline170/index.php (and potentially other scripts)...
CVE-2007-3261
Cross-site scripting (XSS) vulnerability in widgets/widgetsearch.php in dKret before 2.6 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative sessio...
CVE-2007-3239
Cross-site scripting (XSS) vulnerability in searchform.php in the AndyBlue theme before 20070607 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF portion of a URI to index.php. NOTE: this can be leveraged for PHP code execution in an administrative sessio...
CVE-2007-3239
The CVE-2007-3239 entry describes an XSS vulnerability in the AndyBlue WordPress theme (pre-20070607) via the PHP_SELF value in searchform.php used by index.php. The underlying issue is reflected/script injection in the search form, which could be leveraged to execute arbitrary script or HTML in ...
WordPress Cordobo Green Park Theme - XSS
Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the PHP_SELF portion of a URI. Solution: Update the theme...
phppgadmin-xss.txt
Synopsis: Multiple XSS Vulnerabilities Introduction: phpPgAdmin is a web-based administration tool for PostgreSQL. Details: phpPgAdmin...
sriweb-xss.txt
XSS found by fl0 fl0w in sri.ro Description: The Romanian Secret Service web site suffers from cross site scripting vulnerability. Author: fl0 fl0w Homepage: http://popesculescu.lx.ro File Size: 5,13 KB site 'search' variable XSS Cross Site Scripting in URI Description: This XSS variant usually...
CVE-2007-2627
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, when custom 404 pages that call get_sidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF), a different vulnerability than CVE-2007-1622...
DSA-1285-1 wordpress
Bulletin has no description...
CVE-2007-1622
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose...
WordPress 2.1.2 - PHP_Self Cross-Site Scripting
WordPress 2.1.2 - PHP_Self Cross-Site Scripting source: https://www.securityfocus.com/bid/23027/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...
CVE-2006-7087
CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the query string, which is processed via the PHP_SELF variable...
CVE-2006-6156
The CVE-2006-6156 entry describes a Cross-site scripting (XSS) vulnerability in the HIOX Star Rating System Script (HSRS) up to version 1.0, with the flaw located in auth/message.php and exploitable via the PHP_SELF query string. The underlying cause is unencoded user input that allows arbitrary ...
CVE-2006-4665
Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 Rc1 allows remote attackers to inject arbitrary web script or HTML via the ind parameter, possibly related to the PHP_SELF variable. NOTE: Some details are obtained from third party information...
Boastmachine.txt
Advisory : Cross Site Scripting in Boastmachine http://boastology.com/ Release Date : 17/05/2005 Last Modified : 17/05/2005 Author : Yunus Emre Yilmaz http://yns.zaxaz.com Application : BoastMachine v3.1 maybe older versions Risk : High Problem : Form action values in admin.php and index.php mayb...