
1115 matches found

Cvelist
added 2009/02/20 1:0 a.m. · 18 views

CVE-2008-6200

Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the query string and (2) a new wiki entry...

AI score 5.8 · EPSS 0.01465
Exploits: 1 · References: 4
NVD
added 2009/02/10 7:0 a.m. · 17 views

CVE-2009-0468

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a...

CVSS 6.8 · AI score 7.2 · EPSS 0.00966
Exploits: 1 · References: 4
Prion
added 2009/02/10 7:0 a.m. · 14 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in ajax.html in Profense Web Application Firewall 2.6.2 and 2.6.3 allow remote attackers to hijack the authentication of administrators for requests that (1) shutdown the server, (2) send ping packets, (3) enable network services, (4) configure a...

CVSS 6.8 · AI score 7.7 · EPSS 0.00966
Exploits: 1 · References: 4 · Affected Software: 1
myhack58
added 2008/12/29 12:0 a.m. · 13 views

phpwind V7.0 XSS vulnerabilities - vulnerability warning - the black bar safety net

http://site/upload2/admin.php?adminjob=%22%3E%3Cscript%3Ealert%27hiphop%2 7%3C/script%3E $REQUEST_URI = $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING']; $windversion = '7.0'; $windrepair = "; The QUERY_STRING supplied from outside is not filtered, which leads to the vulnerability ============================== S...

AI score 1.3
Exploits: 0
OSV
added 2008/12/03 6:30 p.m. · 1 views

DEBIAN-CVE-2008-5080

awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the querystring parameter. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714...

CVSS 4.3 · AI score 6.1 · EPSS 0.01089
Exploits: 0 · References: 1
Positive Technologies
added 2008/12/03 12:0 a.m. · 2 views

PT-2008-6232 · Awstats · Awstats

Name of the Vulnerable Software and Affected Versions: AWStats versions 6.8 and earlier. Description: The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via the query string parameter, due to the incomplete removal of quote characters by awstats.pl. This problem exists...

CVSS 4.3 · AI score 5.6 · EPSS 0.01089
Exploits: 0 · References: 9
Tenable Nessus
added 2008/10/27 12:0 a.m. · 24 views

FreeBSD : flyspray -- multiple vulnerabilities (9d3020e4-a2c4-11dd-a9f9-0030843d3802)

The Flyspray Project reports : Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, that can be maliciously used to inject arbitrary code into the savesearch JavaScript function. There is an XSS problem in the history tab, t...

CVSS 5 · AI score 6.1 · EPSS 0.01205
Exploits: 0 · References: 4
NVD
added 2008/10/23 10:0 p.m. · 25 views

CVE-2008-4725

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these...

CVSS 4.3 · AI score 5.5 · EPSS 0.04889
Exploits: 1 · References: 17
UbuntuCve
added 2008/10/23 10:0 p.m. · 29 views

CVE-2008-4725

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these...

CVSS 4.3 · AI score 6 · EPSS 0.04889
Exploits: 1 · References: 1
Prion
added 2008/10/23 10:0 p.m. · 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these...

CVSS 4.3 · AI score 5.8 · EPSS 0.45729
Exploits: 4 · References: 17 · Affected Software: 1
Cvelist
added 2008/10/23 9:0 p.m. · 35 views

CVE-2008-4725

Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly escaped before storage in the History Search database (aka md.dat), a different vector than CVE-2008-4696. NOTE: some of these...

AI score 7.5 · EPSS 0.04889
Exploits: 1 · References: 17
CVE
added 2008/10/23 9:0 p.m. · 60 views

CVE-2008-4725

CVE-2008-4725 describes a Cross-site scripting (XSS) vulnerability in Opera 9.52 related to History Search where query-string data is not properly escaped before storage in md.dat. The issue allows remote attackers to inject scripts via History Search results. Connected sources confirm Opera 9.52...

CVSS 4.3 · AI score 5.5 · EPSS 0.04889
Exploits: 1 · References: 17 · Affected Software: 1
Prion
added 2008/09/24 5:41 a.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVSS 4.3 · AI score 6 · EPSS 0.01465
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2008/09/19 6:0 p.m. · 15 views

CVE-2008-4139

Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution Quick.Cms.Lite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

AI score 5.7 · EPSS 0.01516
Exploits: 1 · References: 4
Cvelist
added 2008/09/19 6:0 p.m. · 32 views

CVE-2008-4140

Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart 3.1 allows remote attackers to inject arbitrary web script or HTML via the query string...

AI score 5.6 · EPSS 0.01465
Exploits: 1 · References: 4
CVE
added 2008/09/19 6:0 p.m. · 47 views

CVE-2008-4140

CVE-2008-4140 is an XSS vulnerability in Quick.Cart 3.1, exploitable via the query string to admin.php. The issue arises from unsanitized input in the admin.php handling, allowing remote attackers to inject arbitrary web script or HTML. The CVE’s context indicates the vulnerability affects Quick....

CVSS 4.3 · AI score 5.7 · EPSS 0.01465
Exploits: 1 · References: 4 · Affected Software: 1
Positive Technologies
added 2008/09/19 12:0 a.m. · 3 views

PT-2008-5439

Name of the Vulnerable Software and Affected Versions: Quick.Cart version 3.1. Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the query string in the admin.php file. Recommendations: For Quick.Cart version...

CVSS 4.3 · AI score 5.8 · EPSS 0.01465
Exploits: 1 · References: 7
Apache Tomcat
added 2008/09/08 12:0 a.m. · 54 views

Fixed in Apache Tomcat 5.5.27

Low: Cross-site scripting (CVE-2008-1232). The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...

CVSS 5 · AI score 7.5 · EPSS 0.75865
Exploits: 5 · Affected Software: 1
UbuntuCve
added 2008/09/04 5:41 p.m. · 22 views

CVE-2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...

CVSS 4.3 · AI score 6 · EPSS 0.07102
Exploits: 1 · References: 3
OSV
added 2008/09/04 5:41 p.m. · 6 views

CVE-2008-3906

CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the query string...

AI score 7
Exploits: 0 · References: 11