Symantec SecurityExpressions Audit and Compliance Server Multiple XSS

Symantec SecurityExpressions Audit and Compliance Server is installed on the remote host. The installed version is affected by multiple cross-site scripting vulnerabilities. - The web console fails to sanitize user-supplied input to certain unspecified parameters. An authorized user may be able t...

OpenSolution Quick.Cart - Local File Inclusion Cross-Site Scripting

OpenSolution Quick.Cart - Local File Inclusion Cross-Site Scripting source: https://www.securityfocus.com/bid/42182/info Quick.Cart is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attack...

e107 'Referer' Header Cross-Site Scripting Vulnerability

e107 is prone to remote Cross-Site Scripting vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:e107:e107";...

OpenSolution Quick.Cart - Local File Inclusion / Cross-Site Scripting

source: https://www.securityfocus.com/bid/42182/info Quick.Cart is prone to multiple local file-include vulnerabilities and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerability using...

X-Cart Email Subscription - 'email' Cross-Site Scripting

source: https://www.securityfocus.com/bid/36601/info X-Cart is prone to a cross-site scripting vulnerability in the email subscription component because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

Activedition - '/activedition/aelogin.asp' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/42164/info Activedition is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in t...

WX-Guestbook 1.1.208 - SQL Injection HTML Injection

WX-Guestbook 1.1.208 - SQL Injection HTML Injection source: https://www.securityfocus.com/bid/41741/info WX-Guestbook is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage thes...

WX-Guestbook 1.1.208 - SQL Injection / HTML Injection

source: https://www.securityfocus.com/bid/41741/info WX-Guestbook is prone to multiple SQL-injection vulnerabilities and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or...

Mega File Hosting Script 1.2 - emaillinks.php Cross-Site Scripting

Mega File Hosting Script 1.2 - emaillinks.php Cross-Site Scripting source: https://www.securityfocus.com/bid/36413/info Mega File Hosting Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execu...

RSSMediaScript - index.php Cross-Site Scripting

RSSMediaScript - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/42421/info RSSMediaScript is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in t...

Mega File Hosting Script 1.2 - 'emaillinks.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/36413/info Mega File Hosting Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

PaoBacheca 2.1 - scrivi.php URI Cross-Site Scripting

PaoBacheca 2.1 - scrivi.php URI Cross-Site Scripting source: https://www.securityfocus.com/bid/42423/info PaoBacheca is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary scri...

PaoLink 1.0 - 'scrivi.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/42420/info PaoLink is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...

TuttoPHP Morris Guestbook - 'view.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/36415/info Morris Guestbook is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

FreeBSD : horde-base -- multiple vulnerabilities (ee23aa09-a175-11de-96c0-0011098ad87f)

The Horde team reports : An error within the form library when handling image form fields can be exploited to overwrite arbitrary local files. An error exists within the MIME Viewer library when rendering unknown text parts. This can be exploited to execute arbitrary HTML and script code in a...

Match Agency BiZ - report.php?pid Cross-Site Scripting

Match Agency BiZ - report.php?pid Cross-Site Scripting source: https://www.securityfocus.com/bid/42976/info Datetopia Match Agency BiZ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these...

Match Agency BiZ - edit_profile.php?important Cross-Site Scripting

Match Agency BiZ - editprofile.php?important Cross-Site Scripting source: https://www.securityfocus.com/bid/42976/info Datetopia Match Agency BiZ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may...

Match Agency BiZ - 'report.php?pid' Cross-Site Scripting

source: https://www.securityfocus.com/bid/42976/info Datetopia Match Agency BiZ is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser o...

Planet 2.0 - HTML Injection

source: https://www.securityfocus.com/bid/36392/info Planet is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and script code would run in the context of the...

SZNews 2.7 - printnews.php3 Remote File Inclusion

SZNews 2.7 - printnews.php3 Remote File Inclusion source: https://www.securityfocus.com/bid/42974/info SZNews is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive...