6665 matches found
Juniper Networks SA2000 SSL VPN Appliance - welcome.cgi Cross-Site Scripting
source: https://www.securityfocus.com/bid/41664/info Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input. An...
Internet Explorer and SharePoint 'toStaticHTML' Cross Domain Information Disclosure Vulnerability
Description Microsoft Internet Explorer and Microsoft SharePoint are prone to a cross-domain information-disclosure vulnerability because they fail to properly enforce the same-origin policy. An attacker can exploit this issue to access local files or content from a browser window in another doma...
Cross-site Scripting (XSS) Vulnerabilities in odCMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in odCMS which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in odCMS. 1.1 The vulnerability exists due to an input sanitation error in the "content" parameter in...
BoastMachine 3.1 - key Cross-Site Scripting
source: https://www.securityfocus.com/bid/40623/info boastMachine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this...
McAfee Unified Threat Management Firewall 4.0.6 - 'page' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40708/info McAfee Unified Threat Management (UTM) Firewall (formerly SnapGear) is prone to a cross-site scripting vulnerability because the device's web interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
JForum 2.1.8 - 'Username' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40880/info JForum is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the...
WordPress Plugin Gigya Socialize 1.0/1.1.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/40582/info The Gigya Socialize Plugin for WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
log1 CMS 2.0 - Session Handling Remote Security Bypass Remote File Inclusion
source: https://www.securityfocus.com/bid/40636/info log1 CMS is prone to a security-bypass vulnerability because of a design flaw and a remote file-include vulnerability because it fails to properly sanitize user-suppli...
MoinMoin 1.x - 'PageEditor.py' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40549/info MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Joomla! 1.5.x - Multiple Modules 'search' Parameter Cross-Site Scripting Vulnerabilities
CVE-2010-1649. Webapps exploit for php platform source: http://www.securityfocus.com/bid/40444/info Joomla! is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize...
CMScout 2.08 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/40442/info CMScout is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...
PHP-Calendar 'description' and 'lastaction' Cross Site Scripting Vulnerabilities
PHP-Calendar is prone to Cross Site Scripting vulnerabilities.
Cross-site Scripting (XSS) Vulnerabilities in FlatNux CMS
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in FlatNux CMS which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerabilities in FlatNux CMS. 1.1 The vulnerability exists due to an input sanitation error in the "body"...
Cacti Multiple Cross Site Scripting Vulnerabilities
Cacti is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allo...
Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass Cross-Site Request Forgery Vulnerabilities
source: https://www.securityfocus.com/bid/40346/info Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities...
Ruubikcms 1.0.3 - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/40375/info RuubikCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage thi...
Getsimple CMS 2.01 - 'components.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40374/info GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Shopzilla Affiliate Script PHP - search.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/40246/info Shopzilla Affiliate Script PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting
The Heartbeat project contains a suite of modules to display user activity on a website. These modules do not properly sanitize some of their output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting (XSS) attack may lead to a malicious user...
SoftDirec 1.05 - 'delete_confirm.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40269/info SoftDirec is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the...