1114 matches found

Prion
added 2006/01/19 1:3 a.m. · 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in rkrtstats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERYSTRING variable. NOTE: the provenance of this information is unknown; portio...

CVSS 4.3 · AI score 5.7 · EPSS 0.01696
Exploits: 1 · References: 4 · Affected Software: 1
NVD
added 2006/01/19 1:3 a.m. · 13 views

CVE-2006-0317

Cross-site scripting (XSS) vulnerability in rkrtstats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERYSTRING variable. NOTE: the provenance of this information is unknown; portio...

CVSS 4.3 · AI score 5.3 · EPSS 0.01696
Exploits: 1 · References: 4
Cvelist
added 2006/01/19 1:0 a.m. · 13 views

CVE-2006-0317

Cross-site scripting (XSS) vulnerability in rkrtstats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERYSTRING variable. NOTE: the provenance of this information is unknown; portio...

AI score 5.3 · EPSS 0.01696
Exploits: 1 · References: 4
RedHat Linux
added 2006/01/11 6:38 p.m. · 3 views

security flaw

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

CVSS 4.3 · AI score 7.5 · EPSS 0.25707
Exploits: 1 · References: 4
Prion
added 2006/01/06 5:0 a.m. · 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 · AI score 6.2 · EPSS 0.0192
Exploits: 0 · References: 6 · Affected Software: 1
NVD
added 2005/12/31 5:0 a.m. · 11 views

CVE-2005-4780

Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a querystring to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the...

CVSS 4.3 · AI score 5.8 · EPSS 0.03602
Exploits: 1 · References: 5
Positive Technologies
added 2005/12/31 12:0 a.m. · 2 views

PT-2005-5443 · Fidra · Fidra Lighthouse Cms

Name of the Vulnerable Software and Affected Versions: Fidra Lighthouse CMS versions 1.1.0 and earlier. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query string to the home page. The vendor disputes this...

CVSS 4.3 · AI score 5.9 · EPSS 0.03602
Exploits: 1 · References: 8
NVD
added 2005/12/22 11:3 a.m. · 20 views

CVE-2005-4491

Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c)...

CVSS 4.3 · AI score 5.9 · EPSS 0.02029
Exploits: 1 · References: 7
Cvelist
added 2005/12/22 11:0 a.m. · 23 views

CVE-2005-4491

Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c)...

AI score 5.9 · EPSS 0.02029
Exploits: 1 · References: 7
Cvelist
added 2005/12/13 11:0 a.m. · 21 views

CVE-2005-4194

Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string...

AI score 6.8 · EPSS 0.03366
Exploits: 1 · References: 4
Cvelist
added 2005/12/11 11:0 a.m. · 19 views

CVE-2005-4160

Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument...

AI score 6.6 · EPSS 0.0307
Exploits: 0 · References: 5
myhack58
added 2005/12/10 12:0 a.m. · 5 views

Cross-site attacks-steal cookies-vulnerability warning-the black bar safety net

% msg=Request. ServerVariables"QUERYSTRING" testfile=Server. MapPath"cook.txt" set fs=server. CreateObject"scripting. filesystemobject" set thisfile=fs. OpenTextFiletestfile,8,True,0 thisfile. Writeline""&msg& "" thisfile. close set fs = nothing % scriptwindow...

AI score 7.1
Exploits: 0
Cvelist
added 2005/12/06 11:0 a.m. · 17 views

CVE-2005-4041

Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string...

AI score 6.2 · EPSS 0.01338
Exploits: 0 · References: 7
Cvelist
added 2005/11/22 11:0 a.m. · 37 views

CVE-2005-3745

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...

AI score 7.9 · EPSS 0.25707
Exploits: 1 · References: 13
NVD
added 2005/11/04 12:2 a.m. · 25 views

CVE-2005-3498

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive informatio...

CVSS 4.3 · AI score 6 · EPSS 0.11293
Exploits: 1 · References: 5
Saint
added 2005/11/04 12:0 a.m. · 46 views

Sybase EAServer WebConsole buffer overflow

Added: 11/04/2005 · CVE: CVE-2005-2297 · BID: 14287 · OSVDB: 17995. Background: Sybase EAServer is a web application server. Problem: A buffer overflow in the Sybase EAServer WebConsole allows a remote attacker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...

CVSS 4.6 · AI score 7.8 · EPSS 0.74202
Exploits: 6
NVD
added 2005/10/04 10:2 p.m. · 15 views

CVE-2005-3127

Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 · AI score 5.7 · EPSS 0.01752
Exploits: 1 · References: 4
Cvelist
added 2005/10/04 4:0 a.m. · 17 views

CVE-2005-3127

Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string...

AI score 5.7 · EPSS 0.01752
Exploits: 1 · References: 4
NVD
added 2005/08/04 4:0 a.m. · 16 views

CVE-2005-2453

Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 · AI score 5.8 · EPSS 0.01965
Exploits: 0 · References: 6
Cvelist
added 2005/08/04 4:0 a.m. · 20 views

CVE-2005-2453

Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string...

AI score 6.2 · EPSS 0.01965
Exploits: 0 · References: 6