Lucene search

5 matches found

Prion
added 2011/11/28 9:55 p.m., 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from...

CVSS 4.3, AI score 6.3, EPSS 0.00322
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2011/11/28 9:0 p.m., 42 views

CVE-2011-4563

CVE-2011-4563 affects JAKCMS web app: XSS in index.php affecting 2.0.4.1 and possibly earlier versions up to 2.2.6, exploitable via the userpost parameter in a PM request and related to tinymce. The concrete vulnerability is a cross-site scripting flaw that allows remote attackers to inject arbit...

CVSS 4.3, AI score 6, EPSS 0.00322
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2011/11/28 9:0 p.m., 15 views

CVE-2011-4563

Cross-site scripting (XSS) vulnerability in index.php in JAKCMS 2.0.4.1, and possibly other versions before 2.2.6 2011-09-23, allows remote attackers to inject arbitrary web script or HTML via the userpost parameter in a PM request, related to tinymce. NOTE: some of these details are obtained from...

AI score 5.8, EPSS 0.00322
Exploits: 0, References: 3
Packet Storm
added 2006/04/29 12:0 a.m., 20 views

ibp-2.1.4-xpl.txt

This exploit has only been tested on 2.1.4. Others are most likely vulnerable but have not yet been tested. Simple SQL injection in funcmsg.php on line 448. tobyid is not properly sanitized. It's passed to the class via an instance of the messenger class, which takes it from the ipb sanitized inp...

AI score 7.4
Exploits: 0
securityvulns
added 2006/04/28 12:0 a.m., 32 views

SQL injection exploit IPB <= 2.1.4

This exploit has only been tested on 2.1.4. Others are most likely vulnerable but have not yet been tested. Simple SQL injection in funcmsg.php on line 448. tobyid is not properly sanitized. It's passed to the class via an instance of the messenger class, which takes it from the ipb sanitized inp...

AI score 0.2
Exploits: 0