SQL injection
Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped...
jCart 1.1 - Multiple Cross-Site Scripting / Cross-Site Request Forgery/Open Redirect Vulnerabilities
additem($itemid, $itemqty, $itemprice, $itemname); User-supplied input for variable $itemname isn't properly escaped. Proof-of-Concept: -- alertdocument.cookie" type="hidden" document.getElementById'payload'.click !-- Vulnerable code snippet jcart-gateway.php:...
CVE-2005-2336
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...