3013 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in AlstraSoft E-Friends allows remote attackers to inject arbitrary web script or HTML via the pid parameter in a peoplecard action. NOTE: this might overlap CVE-2006-2564...
CVE-2007-4048
Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo 2.5.4-dev and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...
Cross site scripting
Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in W1L3D4 Philboard 0.3 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-3383
CVE-2007-3383 is an XSS flaw in Apache Tomcat’s SendMailServlet (examples/jsp/mail/sendmail.jsp) affecting Tomcat 4.0.0–4.0.6 and 4.1.0–4.1.36. The vulnerability allows remote attackers to inject arbitrary script/HTML via the From field (and possibly other fields) during error-message generation....
CVE-2007-3940
Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the svalue parameter in a search action. NOTE: some of these details are obtained from third party information...
CVE-2007-3885
CVE-2007-3885 is an XSS vulnerability in husrevforum 1.0.1, affecting philboard_search.asp via the searchterms parameter. The connected documents confirm the affected component and the entry’s cross-site scripting nature, but do not provide remediation steps, exploit details, or version-specific ...
CVE-2007-3017
The CVE-2007-3017 issue affects the activeWeb contentserver CMS (WYSIWYG editor applet). The root cause is insufficient server-side filtering of article content, where malicious tags bypass client-side protections and enable JavaScript injection via a POST to admin/worklist/worklist_edit.asp afte...
CVE-2007-3580
CVE-2007-3580 affects PHPIDS and is described as a vulnerability where certain code containing newlines within a loop (demonstrated by a try/catch block) is not properly handled, enabling user‑assisted remote attackers to inject arbitrary web script. The public records cite this as a cross‑site s...
EUVD-2006-5736
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2007-3342
CVE-2007-3342 documents multiple XSS flaws in Movable Type (MT) prior to version 3.34. Attack vectors include (1) a malformed SGML numeric character reference with a null byte in a javascript: URI and (2) an element attribute missing the closing '>' in the start tag. The vulnerability allows r...
CVE-2007-3129
CVE-2007-3129 concerns an XSS vulnerability in Utopia News Pro 1.4.0, specifically in login.php where the password parameter can be exploited to inject script/HTML. The vulnerability is described across multiple sources (NVD, CVE records, and Full-Disclosure material), with exploitation details i...
CVE-2007-3227
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values...
Link Request Contact Form 3.4 Remote Code Execution Vulnerability
No description provided by source. -=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's URL:...
lrcf-inject.txt
-=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's URL:...
Link Request Contact Form 3.4 - Remote Code Execution
-=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's URL:...
Link Request Contact Form 3.4 - Remote Code Execution
Link Request Contact Form 3.4 - Remote Code Execution -=--------------------ADVISORY-------------------=- Link Request Contact Form v3.4 Author: CorryL [email protected] -=-----------------------------------------------=- -=+ Application: Link Request Contact Form -=+ Version: 3.4 -=+ Vendor's...
Link Request Contact Form 3.4 Remote Code Execution Vulnerability
Exploit for unknown platform in category web applications ================================================================= Link Request Contact Form 3.4 Remote Code Execution Vulnerability ================================================================= -=+ Application: Link Request Contact For...
Cross site scripting
Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email...
EUVD-2007-2724
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS allow remote attackers to inject arbitrary web script or HTML via the (1) path parameter to view/search/; or the (2) companyname, (3) country, (4) email, (5) firstname, (6) middlename, (7) required, (8) surname, or (9) title parameter to...
CVE-2007-2625
CVE-2007-2625 is an XSS vulnerability in All In One Control Panel (AIOCP) prior to 1.3.016. The flaw resides in shared/code/cp_authorization.php and allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. The entry notes that details are from third-party sources...