88 matches found
CVE-2007-3238
Cross-site scripting XSS vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATHINFO REQUESTURI to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...
Cross site scripting
Cross-site scripting XSS vulnerability in 404.php in Domain Technologie Control DTC before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO REQUESTURI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
WordPress Vistered Little Theme - XSS
Because of this vulnerability in 404.php, the attackers can inject arbitrary web script or HTML via the URI REQUESTURI that accesses index.php. Solution Update the theme...
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting
source: https://www.securityfocus.com/bid/24383/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This...
sriweb-xss.txt
XSS found by fl0 fl0w in sri.ro Description: The Romanian Secret Service web site suffers from cross site scripting vulnerability. Author: fl0 fl0w Homepage: http://popesculescu.lx.ro File Size: 5,13 KB site 'search' variable XSS Cross Site Scripting in URI Desciption : This XSS variant usually...
CVE-2006-3848
Cross-site scripting XSS vulnerability in CGI wrapper for IP Calculator IPCalc 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI environment variable, which is used in the actionurl variable...
CVE-2005-4221
SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the 1 PHPSESSID session ID or 2 REQUESTURI query string...
CVE-2005-4221
CVE-2005-4221 concerns an SQL injection in Arab Portal System 2 Beta 2, specifically in link.php. The vulnerability allows remote attackers to inject arbitrary SQL commands via the PHPSESSID (session ID) or the REQUEST_URI (query string). Public references confirm the issue and its CVE entry, but...