BGSvetionik BGS CMS 'search' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/38264/info BGSvetionik BGS CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browse...

webSPELL 4.1.2 usergallery.php galleryID Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/26787/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...

RoundCube Webmail 0.2 Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37654/info RoundCube Webmail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser ...

Apache Geronimo 2.1.x /console/portal/ URI XSS

No description provided by source. source: http://www.securityfocus.com/bid/34562/info Apache Geronimo Application Server is prone to multiple remote vulnerabilities: - Multiple directory-traversal vulnerabilities - A cross-site scripting vulnerability - Multiple HTML-injection vulnerabilities - ...

Achievo 1.3.2 'atknodetype' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/31326/info Achievo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Technology for Solutions 1.0 'id' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/37811/info Technology for Solutions is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Novell GroupWise 7.0 - HTML Injection and Denial of Service Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/28944/info Novell GroupWise is prone to an HTML-injection vulnerability and a denial-of-service vulnerability. By exploiting the HTML-injection vulnerability, attackers can execute HTML and script code in the context of t...

Xoops 1.3.x/2.0 MyTextSanitizer HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7434/info A HTML injection vulnerability has been discovered in Xoops. The problem occurs due to insufficient filtering of HTML and script code by the MyTextSanitizer script. Successful exploitation of this vulnerability...

vtiger CRM 5.0.4 Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/30951/info vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the...

Authoria HR Suite AthCGI.EXE Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5932/info Authoria HR Suite is prone to cross-site scripting attacks. An attacker could construct a malicious link to a vulnerable host that contains arbitrary HTML and script code. If this link is visited by a web user,...

ClanSphere 2009 'text' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/35605/info ClanSphere is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Wordpress 1.x/2.0.x Templates.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22534/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Softbiz Image Gallery browsecats.php msg Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30546/info Softbiz Photo Gallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script co...

OSCommerce 2.1/2.2 Error_Message Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7151/info It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. As a result of this deficiency, it is possible for a remote attacker to create a maliciou...

VBulletin 2.x Private.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9940/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'ptivate.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of HT...

Yahoo! Messenger <= 8.0 Notification Message HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/22269/info Yahoo! Messenger is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

VBulletin 3.0 ShowThread.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9889/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'showthread.php' script. This issue is reportedly due to a failure to sanitize user input and so allow for injection of...

Turnkey eBook Store 1.1 'keywords' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34324/info Turnkey eBook Store is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...

ShoutBox 1.2 Form Field HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5354/info shoutBOX does not sufficiently sanitize HTML tags from input supplied via form fields. Attackers may exploit this lack of input validation to inject arbitrary HTML and script code into pages that are generated b...

Piwik <= 0.5.5 'form_url' Parameter Cross Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/39144/info Piwik is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an...