Lucene search
+L

227 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.23 views

Phorum 5.0.14 Multiple Subject and Attachment HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12800/info Phorum is reportedly affected by multiple HTML injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.11 views

SQLiteManager 1.2 Main.PHP Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/22731/info SQLiteManager is prone to multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues may allow an attacker to execute HTML and script cod...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

DCP-Portal 3.7/4.x/5.x Multiple HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11339/info DCP-Portal is reported prone to multiple HTML injection vulnerabilities. It is reported that DCP-Portal does not sufficiently filter data submitted via input fields in several scripts. These vulnerabilities may...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.33 views

Microsoft Outlook 2003 Security Policy Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11446/info Microsoft Outlook 2003 is reported prone to a security policy bypass vulnerability. It is reported that by including a base64 encoded image in an email and labeling that image in a sufficient manner, it is then...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.31 views

NolaPro Enterprise 4.0.5538 Cross Site Scripting and SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/39875/info NolaPro Enterprise is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,...

7.1AI score
Exploits0
Atlassian
Atlassian
added 2013/10/30 9:24 a.m.21 views

XSS vulnerability in JIRA description field

Using a link like: code https://x.x.com/x= please click here onmousemove=alert1 code shows a serious XSS vulnerability - using error correction in browsers Firefox 24 - in the JIRA description field and most likely every other wiki-style rendered field. Example: https://x.x.com/x= please click he...

0.6AI score
Exploits0Affected Software1
Atlassian
Atlassian
added 2013/10/30 9:24 a.m.21 views

XSS vulnerability in JIRA description field

Using a link like: code https://x.x.com/x= please click here onmousemove=alert1 code shows a serious XSS vulnerability - using error correction in browsers Firefox 24 - in the JIRA description field and most likely every other wiki-style rendered field. Example: https://x.x.com/x= please click he...

0.6AI score
Exploits0
Atlassian
Atlassian
added 2012/10/08 4:9 a.m.23 views

Persistent xss within build and plan labels

Labels are not escaped when rendered in several resources and so are a persistent xss vector. Some example resources where this can be seen include: plan configuration, plan viewing, http://$host/bamboo/build/label/viewLabels.action and allPlans.action as filter options. An example label which ca...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2012/09/15 12:0 a.m.18 views

IFOBS - 'regclientprint.jsp' Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/55561/info IFOBS is prone to multiple HTML-injection vulnerabilities. Exploiting these issues may allow an attacker to execute HTML and script code in the context of the affected site, to steal cookie-based authentication credentials, or to control how th...

7.4AI score
Exploits0
Atlassian
Atlassian
added 2012/05/07 7:0 a.m.20 views

Javascript escape the value of "dark features" within the javascript context they are rendered out in

Current user specific dark feature values are not javascript escaped in the javascript context they exist in. e.g. the value "' + evalalert1 ' +" without the double quotes appears like the following in the feature javascript context: / Dark features are features that can enabled and disabled per...

1.3AI score
Exploits0Affected Software1
securityvulns
securityvulns
added 2011/01/18 12:0 a.m.128 views

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331)

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...

4.3CVSS5.3AI score0.01519EPSS
Exploits6
0day.today
0day.today
added 2011/01/17 12:0 a.m.30 views

Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability

Exploit for php platform in category web applications 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - email protected I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered,...

7.1AI score0.01519EPSS
Exploits6
exploitpack
exploitpack
added 2011/01/16 12:0 a.m.53 views

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting 'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allo...

4.3CVSS6.1AI score0.01519EPSS
Exploits6
Exploit DB
Exploit DB
added 2011/01/16 12:0 a.m.31 views

Seo Panel 2.2.0 - Cookie-Rendered Persistent Cross-Site Scripting

'Seo Panel' Cookie-Rendered Persistent XSS Vulnerability CVE-2010-4331 Mark Stanislav - [email protected] I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user...

4.3CVSS6.7AI score0.01519EPSS
Exploits6
Exploit DB
Exploit DB
added 2010/12/09 12:0 a.m.39 views

Mozilla Firefox/Thunderbird/SeaMonkey - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/45353/info Mozilla Firefox, SeaMonkey, and Thunderbird are prone to multiple HTML-injection vulnerabilities. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the...

7.4AI score
Exploits0
OpenVAS
OpenVAS
added 2010/08/06 12:0 a.m.26 views

Mantis 'manage_proj_cat_add.php' HTML Injection Vulnerability

Mantis is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing...

2.1CVSS5.9AI score0.01804EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2010/08/05 12:0 a.m.23 views

DiamondList - '/user/main/update_category?category[description]' Cross-Site Scripting

source: https://www.securityfocus.com/bid/42252/info DiamondList is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2010/05/04 12:0 a.m.25 views

Friendster.com Cross Site Scripting

================================================================================================== $$$$$$$\ $$\ $$\ $$\ $$$$$$\ $$ $$\ | $$ | $$ | $$ $$\ $$ | $$ |$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$$$$$$\ $$$$$$\ $$ | $$ / $$ | $$$$$$$\ |$$ |$$ |$$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ $$\ $$ |...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2010/03/18 12:0 a.m.14 views

Kempt SiteDone 2.0 - detail.php Cross-Site Scripting SQL Injection

Kempt SiteDone 2.0 - detail.php Cross-Site Scripting SQL Injection source: https://www.securityfocus.com/bid/38856/info Kempt SiteDone is prone to an SQL-injection vulnerability and cross-site scripting vulnerability. Exploiting these issues could allow an attacker to steal cookie-based...

8.1AI score
Exploits0
Exploit DB
Exploit DB
added 2010/03/05 12:0 a.m.18 views

Natychmiast CMS - Multiple Cross-Site Scripting / SQL Injections

source: https://www.securityfocus.com/bid/38561/info Natychmiast CMS is prone to multiple cross-site scripting and SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, control how the site is rendered to the user,...

7.4AI score
Exploits0
Rows per page
Query Builder