1115 matches found

NVD
added 2011/05/20 10:55 p.m. | 18 views

CVE-2011-2153

Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser...

CVSS: 5 | AI score: 6.5 | EPSS: 0.02014
Exploits: 0 | References: 4
Cvelist
added 2011/05/20 10:0 p.m. | 23 views

CVE-2011-2153

Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser...

AI score: 6.5 | EPSS: 0.02014
Exploits: 0 | References: 4
RedHat Linux
added 2011/05/19 11:13 a.m. | 6 views

eclipse: Help Content web application vulnerable to multiple XSS

Multiple cross-site scripting (XSS) vulnerabilities in the Help Contents web application (aka the Help Server) in Eclipse IDE before 3.6.2 allow remote attackers to inject arbitrary web script or HTML via the query string to (1) help/index.jsp or (2) help/advanced/content.jsp...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.05219
Exploits: 1 | References: 4
UbuntuCve
added 2011/04/27 12:55 a.m. | 24 views

CVE-2011-1578

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02591
Exploits: 1 | References: 1
UbuntuCve
added 2011/04/27 12:55 a.m. | 26 views

CVE-2011-1587

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string,...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01711
Exploits: 0 | References: 1
Prion
added 2011/04/27 12:55 a.m. | 18 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02591
Exploits: 1 | References: 16 | Affected Software: 1
Prion
added 2011/04/27 12:55 a.m. | 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string,...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.02591
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2011/04/27 12:0 a.m. | 27 views

CVE-2011-1578

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html at the end of the query string, in conjunction with...

AI score: 5.4 | EPSS: 0.02591
Exploits: 1 | References: 16
CVE
added 2011/04/27 12:0 a.m. | 63 views

CVE-2011-1587

MediaWiki vulnerable component: web application logic handling file uploads and URI parsing. CVE-2011-1587 is a cross-site scripting (XSS) flaw affecting MediaWiki prior to 1.16.4, triggered when Internet Explorer 6 or earlier is used and a file with a dangerous extension (e.g., .html) is accesse...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.01711
Exploits: 0 | References: 4 | Affected Software: 1
OpenVAS
added 2011/04/22 12:0 a.m. | 9 views

Joomla! < 1.6.1 Query String Parameter Multiple XSS Vulnerabilities

Joomla is prone to multiple cross-site scripting (XSS) vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

AI score: 4.8
Exploits: 0 | References: 3
Packet Storm
added 2011/03/25 12:0 a.m. | 44 views

Parallels Plesk 8.2 URL Redirection

Parallels Plesk 7.0 - 8.2 | Open URL Redirection Vulnerability 1. OVERVIEW The Plesk versions from 7.0 to 8.2 are vulnerable to Open URL Redirection when "Enable [email protected]" access format, a new feature introduced in Plesk 7.0, is enabled in user preferences. 2. BACKGROUND Parallels Plesk...

Exploits: 0
Packet Storm
added 2011/03/14 12:0 a.m. | 33 views

Joomla 1.6.0 Cross Site Scripting

Joomla! 1.6.0 | Cross Site Scripting (XSS) Vulnerability. 1. OVERVIEW Joomla! 1.6.0 was vulnerable to Cross Site Scripting. 2. PRODUCT DESCRIPTION Joomla is a free and open source content management system (CMS) for...

Exploits: 0
securityvulns
added 2011/03/09 12:0 a.m. | 37 views

Cross-Site Scripting vulnerabilities in Icinga

Advisory: Cross-Site Scripting vulnerabilities in Icinga Advisory ID: SSCHADV2011-001 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1 Vendor URL: http://www.icinga.org Vendor Status: fixed csv export link to make it XSS save IE 1275 CVE-ID: -...

AI score: 6
Exploits: 0
Packet Storm
added 2011/03/08 12:0 a.m. | 18 views

Icinga 1.3.0 / 1.2.1 Cross Site Scripting

Advisory: Cross-Site Scripting vulnerabilities in Icinga Advisory ID: SSCHADV2011-001 Author: Stefan Schurtz Affected Software: Successfully tested on: icinga-1.3.0 / icinga-1.2.1 Vendor URL: http://www.icinga.org Vendor Status: fixed csv export link to make it XSS save IE 1275 CVE-ID: -...

AI score: 7.4
Exploits: 0
securityvulns
added 2011/02/26 12:0 a.m. | 92 views

PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability

PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability. 1. OVERVIEW The PHPShop 0.8.1 and lower versions are currently vulnerable to Cross Site Scripting. 2. BACKGROUND PHPShop is a PHP-powered shopping cart applicatio...

AI score: 7
Exploits: 0
Packet Storm
added 2011/02/25 12:0 a.m. | 15 views

PHPShop 0.8.1 Cross Site Scripting

PHPShop 0.8.1 <= | Cross Site Scripting Vulnerability. 1. OVERVIEW The PHPShop 0.8.1 and lower versions are currently vulnerable to Cross Site Scripting. 2. BACKGROUND PHPShop is a PHP-powered shopping cart applicatio...

AI score: 0.1
Exploits: 0
Prion
added 2011/02/21 7:0 p.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.0127
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2011/02/21 7:0 p.m. | 13 views

CVE-2010-4745

Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS: 4.3 | AI score: 5.7 | EPSS: 0.0127
Exploits: 1 | References: 6
Cvelist
added 2011/02/21 6:0 p.m. | 21 views

CVE-2010-4745

Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

AI score: 5.7 | EPSS: 0.0127
Exploits: 1 | References: 6
Tenable Nessus
added 2011/02/11 12:0 a.m. | 102 views

Adobe ColdFusion login.cfm Query String XSS (APSB11-04)

The version of Adobe ColdFusion running on the remote host is affected by a cross-site scripting vulnerability in the administrative web interface. Input to the query string of 'administrator/login.cfm' is not properly sanitized before being returned in an HTML response. A remote attacker can...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.02549
Exploits: 0 | References: 3