2 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forwardto parameter, as demonstrated using """...
CVE-2007-1905
CVE-2007-1905 is a cross-site scripting (XSS) vulnerability in Pineapple Technologies QuizShock 1.6.1 and earlier, occurring in auth.php. The issue allows remote attackers to inject arbitrary scripts/HTML by supplying encoded characters in the forward_to parameter (example: "<"