phpMyFAQ 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/37180/info phpMyFAQ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
phpMyFAQ < 2.5.4 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/37180/info phpMyFAQ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
SmartMedia Module 0.85 Beta for XOOPS - categoryId Cross-Site Scripting
source: https://www.securityfocus.com/bid/37156/info The SmartMedia module for XOOPS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this...
WordPress Plugin WP-phpList 2.10.2 - unsubscribeemail Cross-Site Scripting
source: https://www.securityfocus.com/bid/37096/info The WP-PHPList plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker...
WordPress WP-PHPList Plugin 2.10.2 - Cross-Site Scripting Vulnerability
The WP-PHPList plugin is prone to a cross-site scripting vulnerability. The application fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of a user in the context of the affected site. In this way the attacker can steal cookie-based authenticati...
WordPress Plugin WP-phpList 2.10.2 - 'unsubscribeemail' Cross-Site Scripting
source: https://www.securityfocus.com/bid/37096/info The WP-PHPList plugin for WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...
phpMyFAQ < 2.0.17, 2.5.x < 2.5.2 XSS Vulnerability
phpMyFAQ is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:phpmyfaq:phpmyfaq"...
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities (1)
source: https://www.securityfocus.com/bid/37099/info The FireStats plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An...
WordPress Plugin Firestats 1.0.2 - Multiple Cross-Site Scripting Authentication Bypass Vulnerabilities (2)
source: https://www.securityfocus.com/bid/37099/info The FireStats plugin for WordPress is prone to multiple cross-site scripting vulnerabilities and an authentication-bypass vulnerability. An...
FreeBSD : wordpress -- multiple vulnerabilities (0640198a-d117-11de-b667-0030843d3802)
Secunia reports: The security issue is caused due to the wp_check_filetype() function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this...
Joomla! Component Webee Comments 1.1/1.2 - 'index2.php' articleId SQL Injection
source: https://www.securityfocus.com/bid/38204/info The Joomla! Webee component is prone to an SQL-injection vulnerability and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage the HTML-injection issues to execute arbitrary...
Oracle Application Server Portal Cross Site Scripting
Oracle Application Server is a multi-platform solution for developing and deploying enterprise applications and web sites. The server ships with several additional components that extend its functionality. Oracle's Single Sign-On Server (SSO) was part of Oracle Application Server till version...
CUPS - kerberos Cross-Site Scripting
Attackers can exploit this issue by enticing an unsuspecting victim into following a malicious URI. The following example URI is available: http://www.example.com/admin/?kerberos=onmouseover=alert source: https://www.securityfocus.com/bid/36958/info CUPS is...
CuteNews 1.4.6 - from_date_day Full Path Disclosure
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues...
CuteNews 1.4.6 - search.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and...
CuteNews 1.4.6 - index.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and...
CuteNews 1.4.6 - result Cross-Site Scripting
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note...
CuteNews 1.4.6 - 'from_date_day' Full Path Disclosure
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, an...
CuteNews 1.4.6 editnews Module - doeditnews Action Admin Moderation Bypass
source: https://www.securityfocus.com/bid/36971/info CuteNews and UTF-8 CuteNews are prone to multiple vulnerabilities, including cross-site scripting, HTML-injection, information-disclosure, arbitrary-script-injection, and security-bypass issues. Note that exploits for some of the issues may...