Mahara Multiple Vulnerabilities (Apr 2011)

Mahara is prone to multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities

This host is running Mahara and is prone to cross site scripting and cross site request forgery vulnerabilities. OpenVAS Vulnerability Test $Id: secpodmaharaxssncsrfvuln.nasl 7029 2017-08-31 11:51:40Z teissa $ Mahara Cross Site Scripting and Cross Site Request Forgery Vulnerabilities Authors:...

Collabtive Multiple Remote Input Validation Vulnerabilities

Collabtive is prone to multiple remote input-validation vulnerabilities including cross-site scripting, HTML-injection, and directory-traversal issues. Attackers can exploit these issues to obtain sensitive information, execute arbitrary script code, and steal cookie-based authentication...

pppBLOG 'search.php' Cross Site Scripting Vulnerability

pppBLOG is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

DataDynamics Report Library CoreHandler XSS

Class Input Validation Error CVE Remote Yes Local No Published Mar 30 2011 11:00AM Credit Dionach Vulnerable Grapecity DataDynamics Report Library 1.6.1871.61 and earlier Grapecity's DataDynamics Report Library is prone to a cross-site scripting vulnerability because it fails to sufficiently...

Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/47105/info Collabtive is prone to multiple remote input-validation vulnerabilities including cross-site scripting, HTML-injection, and directory-traversal issues. Attackers can exploit these issues to obtain sensitive information, execute arbitrary script...

InTerra Blog Machine 1.84 - 'subject' HTML Injection

source: https://www.securityfocus.com/bid/47104/info InTerra Blog Machine is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the conte...

Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities

Collabtive 0.6.5 - Multiple Remote Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/47105/info Collabtive is prone to multiple remote input-validation vulnerabilities including cross-site scripting, HTML-injection, and directory-traversal issues. Attackers can exploit...

InTerra Blog Machine 1.84 - subject HTML Injection

InTerra Blog Machine 1.84 - subject HTML Injection source: https://www.securityfocus.com/bid/47104/info InTerra Blog Machine is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code ...

Cross-site Request Forgery (CSRF) in Plogger

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Plogger which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF vulnerability in Plogger The vulnerability exists due to insufficient validation of the request...

XOOPS - 'view_photos.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47085/info XOOPS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the brows...

osCSS 2.1 - Multiple Cross-Site Scripting Local File Inclusions

osCSS 2.1 - Multiple Cross-Site Scripting Local File Inclusions source: https://www.securityfocus.com/bid/47074/info osCSS is prone to a cross-site scripting vulnerability and multiple local file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied data. An...

Spitfire 1.0.3x - cms_username Cross-Site Scripting

Spitfire 1.0.3x - cmsusername Cross-Site Scripting source: https://www.securityfocus.com/bid/47077/info Spitfire is prone to a cross-site scripting vulnerability. because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scrip...

Tracks 1.7.2 - URI Cross-Site Scripting

Tracks 1.7.2 - URI Cross-Site Scripting source: https://www.securityfocus.com/bid/47078/info Tracks is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Tracks 1.7.2 - URI Cross-Site Scripting

source: https://www.securityfocus.com/bid/47078/info Tracks is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities

Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47055/info Alkacon OpenCms is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage the...

webEdition CMS HTML Injection and Local File Include Vulnerabilities

webEdition CMS is prone to multiple HTML-injection vulnerabilities and a local file-include vulnerability. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication...

OrangeHRM 'jobVacancy.php' Cross Site Scripting Vulnerability

OrangeHRM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

pppBLOG 0.3 - 'search.php' Cross-Site Scripting Vulnerability

pppBLOG 0.3 'search.php' Cross Site Scripting Vulnerability. Webapps exploit for php platform source: http://www.securityfocus.com/bid/47068/info pppBLOG is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically...

OrangeHRM 2.6.2 - 'jobVacancy.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47046/info OrangeHRM is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the...