163 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for WordPress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING...
CVE-2013-5916
The CVE-2013-5916 entry describes a reflected XSS in the Bradesco Gateway WordPress plugin (falha.php) v2.0 used with WP‑eCommerce. The vulnerability is triggered via the QUERY_STRING, allowing remote script injection. CVSS v2 base score 4.3 (MEDIUM). Affected: Bradesco Gateway plugin 2.0 for Wor...
CVE-2011-4958
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the process function in SSViewer.php in SilverStripe before 2.3.13 and 2.4.x before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to template placeholders, as demonstrated by a request to (1) admin/reports/, (2)...
CVE-2013-0201
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to...
CVE-2013-2289
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php...
WordPress Bradesco Gateway Plugin <= 2.0 - XSS
Because of this vulnerability in falha.php, attackers can inject arbitrary web script or HTML via the QUERY_STRING. Solution: Update the plugin...
mnoGoSearch search.cgi QUERY_STRING Parameter Parsing Arbitrary File Access
The version of mnoGoSearch installed on the remote host is affected by an arbitrary file access vulnerability due to a flaw in the 'search.cgi' script when parsing user-supplied input from the QUERY_STRING parameter. An unauthenticated, remote attacker can leverage this issue by sending a speciall...
Mandrake Security Advisory MDVSA-2009:266 (awstats)
The remote host is missing an update to awstats announced via advisory MDVSA-2009:266. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only OR...
CVE-2008-3101
Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to th...
CVE-2008-3714
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945...
CVE-2007-1828
Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding to drop downs or (2) various forms...
Open redirect
web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING...
CVE-2007-1831
CVE-2007-1831 affects web-app.org WebAPP prior to 0.9.9.6. The issue allows remote authenticated users to open files and write the string "wrong data" through a crafted QUERY_STRING. Impact and remediation are not elaborated beyond the described behavior in the provided sources; exploitation deta...
CVE-2007-1831
web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING...
CVE-2005-4780
CVE-2005-4780 affects Fidra Lighthouse CMS 1.1.0 and earlier. The vulnerability is a cross-site scripting (XSS) flaw that could allow remote attackers to inject arbitrary web script or HTML via the search parameter in the query string on the home page. The vendor disputes the issue, arguing Light...
Apache Httpd < 1.3.22 : Multiviews can cause a directory listing to be displayed
A vulnerability was found when Multiviews are used to negotiate the directory index. In some configurations, requesting a URI with a QUERY_STRING of M=D could return a directory listing rather than the expected index page...