6665 matches found
Symantec LiveUpdate Administrator Management GUI HTML Injection
No description provided by source. Source: http://www.securityfocus.com/bid/46856/info Symantec LiveUpdate Administrator is prone to an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentiall...
DCP-Portal 5.3.1 Calendar.php Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7144/info It has been reported that DCP-Portal does not sufficiently filter URI parameters supplied to the DCP-Portal 'calender' script. As a result of this deficiency, it is possible for a remote attacker to create a...
CubeCart 2.0.x Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/12658/info CubeCart is affected by multiple cross-site scripting vulnerabilities; an upgrade is available. These issues exist because the application fails to properly sanitize user-supplied input. As a result of these...
Geeklog 1.3.7 Homepage User Field HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6604/info Geeklog is prone to HTML injection attacks. The user account 'Homepage' field is not sufficiently sanitized of HTML and script code. As a result, a malicious user may inject malicious HTML and script code into...
osCommerce 2.2 manufacturers_id Parameter Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9277/info A vulnerability has been reported to exist in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data i...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...
Educe ASP Search Engine 1.5.6 - 'search.asp' Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30849/info ASP Search Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...
VBulletin 3.0.14 global.php Encoded URL XSS
No description provided by source. source: http://www.securityfocus.com/bid/19358/info vBulletin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the...
Verity K2 Toolkit 2.20 Query Builder Search Script Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8074/info It has been reported that the K2 Toolkit does not sufficiently sanitize input by users. Because of this, it may be possible for an attacker to launch an attack that results in the execution of hostile HTML or...
Softbiz Classifieds Script advertisers/signinform.php msg Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/32569/info Softbiz Classifieds Script is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...
Faq-O-Matic 2.6/2.7 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4023/info FAQ-O-Matic is a freely available, open-source FAQ Frequently Asked Questions manager. It is intended to run on Linux and Unix variants. FAQ-O-Matic does not sufficiently filter script code from URL parameters. ...
AIOCP 1.3.x cp_edit_user.php choosed_language Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal...
Pixelpost 1.4.3 User Comment HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16362/info Pixelpost is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
Discuz! 2.0 Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/37573/info Discuz! is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the...
phpldapadmin 0.9.8 - template_engine.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17643/info PHPLDAPAdmin is prone to multiple input-validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these issues to execute...
Novell Teaming 1.0 User Enumeration Weakness and Multiple Cross Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/34531/info Novell Teaming is prone to a user-enumeration weakness and multiple cross-site scripting vulnerabilities. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames and then perfor...
IBM Lotus Notes 6.5.x 'names.nsf' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38880/info IBM Lotus Notes is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of...
pMyAdmin 3.3.5.1 'db_create.php' Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38707/info phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of a...
Xoops Pool Module IMG Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16189/info The XOOPS Pool Module is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
WikkaWiki 1.1.6 TextSearch.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15860/info WikkaWiki is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scri...