227 matches found
Phorum 5.0.14 Multiple Subject and Attachment HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12800/info Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated...
SQLiteManager 1.2 Main.PHP Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/22731/info SQLiteManager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script cod...
DCP-Portal 3.7/4.x/5.x Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11339/info DCP-Portal is reported prone to multiple HTML injection vulnerabilities. It is reported that DCP-Portal does not sufficiently filter data submitted via input fields in several scripts. These vulnerabilities may...
Microsoft Outlook 2003 Security Policy Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/11446/info Microsoft Outlook 2003 is reported prone to a security policy bypass vulnerability. It is reported that by including a base64 encoded image in an email and labeling that image in a sufficient manner, it is then...
NolaPro Enterprise 4.0.5538 Cross Site Scripting and SQL Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/39875/info NolaPro Enterprise is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,...
XSS vulnerability in JIRA description field
Using a link like: code https://x.x.com/x= please click here onmousemove=alert1 code shows a serious XSS vulnerability - using error correction in browsers Firefox 24 - in the JIRA description field and most likely every other wiki-style rendered field. Example: https://x.x.com/x= please click he...
XSS vulnerability in JIRA description field
Using a link like: code https://x.x.com/x= please click here onmousemove=alert1 code shows a serious XSS vulnerability - using error correction in browsers Firefox 24 - in the JIRA description field and most likely every other wiki-style rendered field. Example: https://x.x.com/x= please click he...
Persistent xss within build and plan labels
Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...
IFOBS - 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/55561/info IFOBS is prone to multiple HTML-injection vulnerabilities. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how th...
Javascript escape the value of "dark features" within the javascript context they are rendered out in
Current user specific dark feature values are not javascript escaped in the javascript context they exist in. e.g. the value "' + evalalert1 ' +" without the double quotes appears like the following in the feature javascript context: / Dark features are features that can enabled and disabled per...
'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)
'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...
Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability
Exploit for php platform in category web applications 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - email protected I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered,...
Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting
Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allo...
Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting
'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...
Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/45353/info Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the...
Mantis 'manage_proj_cat_add.php' HTML Injection Vulnerability
Mantis is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing...
DiamondList - '/user/main/update_category?category[description]' Cross-Site Scripting
source: https://www.securityfocus.com/bid/42252/info DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...
Friendster.com Cross Site Scripting
================================================================================================== $$$$$$$\ $$\ $$\ $$\ $$$$$$\ $$ $$\ | $$ | $$ | $$ $$\ $$ | $$ |$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$ / $$ | $$$$$$$\ |$$ |$$ |$$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ |...
Kempt SiteDone 2.0 - detail.php Cross-Site Scripting SQL Injection
Kempt SiteDone 2.0 - detail.php Cross-Site Scripting SQL Injection source: https://www.securityfocus.com/bid/38856/info Kempt SiteDone is prone to an SQL-injection vulnerability and cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based...
Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injections
source: https://www.securityfocus.com/bid/38561/info Natychmiast CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user,...