Lucene search

6665 matches found

Exploit DB
added 2010/08/31 12:0 a.m., 29 views

HP Insight Diagnostics Online Edition 8.4 - 'survey.php?category' Cross-Site Scripting

source: https://www.securityfocus.com/bid/42888/info HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/08/31 12:0 a.m., 24 views

HP Insight Diagnostics Online Edition 8.4 - 'parameters.php?device' Cross-Site Scripting

source: https://www.securityfocus.com/bid/42888/info HP Insight Diagnostics Online Edition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of ...

AI score: 7.4
Exploits: 0

OpenVAS
added 2010/08/30 12:0 a.m., 22 views

phpMyAdmin Multiple Cross Site Scripting Vulnerabilities

phpMyAdmin is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

CVSS: 4.3, AI score: 6.2, EPSS: 0.00761
Exploits: 1, References: 2

Exploit DB
added 2010/08/26 12:0 a.m., 22 views

Valarsoft WebMatic 3.0.5 - Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/42767/info Valarsoft WebMatic is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTM...

AI score: 7
Exploits: 0

exploitpack
added 2010/08/25 12:0 a.m., 9 views

BlastChat Client 3.3 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/42734/info BlastChat Client is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

AI score: 6.8
Exploits: 0

Exploit DB
added 2010/08/25 12:0 a.m., 20 views

BlastChat Client 3.3 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/42734/info BlastChat Client is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score: 7
Exploits: 0

exploitpack
added 2010/08/23 12:0 a.m., 12 views

Auto CMS 1.6 - autocms.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/42764/info Auto CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script co...

Exploits: 0

Tenable Nessus
added 2010/08/23 12:0 a.m., 25 views

Debian DSA-2092-1 : lxr-cvs - missing input sanitizing

Dan Rosenberg discovered that in lxr-cvs, a code-indexing tool with a web frontend, not enough sanitation of user input is performed; an attacker can take advantage of this and pass script code in order to perform cross-site scripting attacks. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

CVSS: 4.3, AI score: 5.1, EPSS: 0.00562
Exploits: 0, References: 8

Exploit DB
added 2010/08/19 12:0 a.m., 20 views

Nagios XI - 'login.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/42604/info Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score: 7.4
Exploits: 0

OpenVAS
added 2010/08/19 12:0 a.m., 20 views

phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities

This host is installed with phpCAS and is prone to session hijacking and cross-site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbphpcassessionhijacknxssvuln.nasl 7823 2017-11-20 08:54:04Z cfischer $ phpCAS Session Hijacking and Cross-Site Scripting Vulnerabilities Authors: Madhuri...

CVSS: 4, AI score: 0.3, EPSS: 0.00743
Exploits: 0, References: 4

exploitpack
added 2010/08/19 12:0 a.m., 17 views

Nagios XI - login.php Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/42604/info Nagios XI is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

AI score: 0.1
Exploits: 0

htbridge
added 2010/08/18 12:0 a.m., 24 views

Cross-site Request Forgery (CSRF) Vulnerabilities in Amiro.CMS

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Amiro.CMS which could be exploited to perform cross-site request forgery attacks. 1 Cross-site request forgery CSRF in Amiro.CMS 1.1 The vulnerability exists due to insufficient validation of the request origin i...

CVSS: 2.6, AI score: 7.4
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2010/08/17 12:0 a.m., 32 views

FuseTalk categories.aspx FTVAR_SORTORDER Parameter XSS

The installed version of FuseTalk fails to sanitize user-supplied input to the 'FTVAR_SORTORDER' parameter in file 'categories.aspx' before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code into...

AI score: 5.8
Exploits: 0, References: 1

Exploit DB
added 2010/08/16 12:0 a.m., 23 views

Microsoft Internet Explorer 8 - 'toStaticHTML()' HTML Sanitization Bypass

source: https://www.securityfocus.com/bid/42467/info Internet Explorer 8 is prone to a security-bypass weakness. Internet Explorer 8 includes a method designed to sanitize executable script constructs from HTML. Attackers can bypass this protection, allowing script code to execute on the client,...

AI score: 7
Exploits: 0

exploitpack
added 2010/08/16 12:0 a.m., 29 views

123 Flash Chat 7.8 - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/42478/info 123 Flash Chat is prone to multiple security vulnerabilities. These vulnerabilities include a cross-site scripting vulnerability, multiple information-disclosure vulnerabilities, and a...

AI score: 0.1
Exploits: 0

exploitpack
added 2010/08/16 12:0 a.m., 15 views

CMSimple 3.3 - Cross-Site Scripting Cross-Site Request Forgery

source: https://www.securityfocus.com/bid/42470/info CMSimple is prone to multiple cross-site scripting vulnerabilities and a cross-site request-forgery vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary...

AI score: 0.9
Exploits: 0

Exploit DB
added 2010/08/15 12:0 a.m., 17 views

Zomplog 3.9 - 'message' Cross-Site Scripting

source: https://www.securityfocus.com/bid/42457/info Zomplog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score: 7.4
Exploits: 0

Exploit DB
added 2010/08/13 12:0 a.m., 17 views

Edit-X PHP CMS - 'search_text' Cross-Site Scripting

source: https://www.securityfocus.com/bid/42442/info Edit-X PHP CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...

AI score: 7.4
Exploits: 0

CVE
added 2010/08/11 6:0 p.m., 51 views

CVE-2010-1258

CVE-2010-1258 arises from Internet Explorer 6–8 failing to determine the origin of script code, enabling a remote attacker to run script in a different domain/zone and potentially access user data. The primary entry is through crafted web content that exploits cross-domain context (Event Handler ...

CVSS: 4.3, AI score: 6.9, EPSS: 0.20573
Exploits: 0, References: 3, Affected Software: 1

Symantec
added 2010/08/10 12:0 a.m., 24 views

Microsoft Internet Explorer Event Handler Cross Domain Information Disclosure Vulnerability

Description Microsoft Internet Explorer is prone to a cross-domain information-disclosure vulnerability because the application fails to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another domain or security...

AI score: 6.9
Exploits: 0, Affected Software: 4