6665 matches found
MoinMoin 1.8 - 'AttachFile.py' Cross-Site Scripting
source: https://www.securityfocus.com/bid/33365/info MoinMoin is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
LemonLDAP:NG 0.9.3.1 - User Enumeration Cross-Site Scripting
source: https://www.securityfocus.com/bid/33312/info LemonLDAP:NG is prone to a user-enumeration weakness and a cross-site scripting vulnerability. A remote attacker can exploit the user-enumeration weakness to enumerate valid usernames...
MKPortal 1.2.1 - modulesrsshandler_image.php?i Cross-Site Scripting
source: https://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and insecure-temporary-file-creatio...
MKPortal 1.2.1 - '/modules/blog/index.php' Home Template Textarea SQL Injection
source: https://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and insecure-temporary-file-creation vulnerabilities. Attackers can exploit these issues to execute...
Cisco IOS HTTP Server Ping Parameter Cross-Site Scripting Vulnerability
Cisco IOS Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary HTML and script code in the user's browser session. The vulnerability exists due to an input sanitization error in the embedded HTTP server. An unauthenticated, remote attacker...
Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/33260/info Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage...
Cisco IOS 12.x - HTTP Server Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/33260/info Cisco IOS HTTP Server is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecti...
FreeBSD : cgiwrap -- XSS Vulnerability (bc6a7e79-e111-11dd-afcd-00e0815b8da8)
Secunia reports: A vulnerability has been reported in CGIWrap, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to the application generating error messages without specifying a charset. This can be exploited to execute arbitrary...
PRTG Traffic Grapher 6.2.1 - 'url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/40630/info PRTG Traffic Grapher is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Openfire 3.6.2 - 'group-summary.jsp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/32937/info Openfire is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Plunet BusinessManager 4.1 - pagesUTF8Sys_DirAnzeige.jsp?Pfad Direct Request Information Disclosure
source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplie...
Plunet BusinessManager 4.1 - '/pagesUTF8/auftrag_allgemeinauftrag.jsp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...
Plunet BusinessManager 4.1 - pagesUTF8auftrag_allgemeinauftrag.jsp Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize...
Plunet BusinessManager 4.1 - 'pagesUTF8/Sys_DirAnzeige.jsp?Pfad' Direct Request Information Disclosure
source: https://www.securityfocus.com/bid/33153/info Plunet BusinessManager is prone to multiple security-bypass and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of a...
KDE Konqueror 4.1 - Multiple Cross-Site Scripting / Denial of Service Vulnerabilities
source: https://www.securityfocus.com/bid/33085/info KDE Konqueror is prone to multiple cross-site scripting vulnerabilities and multiple denial-of-service vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute...
IceWarp Merak Mail Server < 9.4.0 IMG Tag XSS
The remote host is running IceWarp Merak Mail Server - a webmail server for Windows and Linux. According to its banner, the version of IceWarp installed on the remote host is older than 9.4.0. Such versions reportedly fail to sanitize input passed to 'IMG' HTML tags in an email message before...
ViArt Shop 3.5 - manuals_search.php?manuals_search Cross-Site Scripting
source: https://www.securityfocus.com/bid/33043/info ViArt Shop is prone to multiple remote vulnerabilities: - Multiple cross-site scripting vulnerabilities - An information-disclosure vulnerability - An authentication-bypass...
ViArt Shop 3.5 - 'manuals_search.php?manuals_search' Cross-Site Scripting
source: https://www.securityfocus.com/bid/33043/info ViArt Shop is prone to multiple remote vulnerabilities: - Multiple cross-site scripting vulnerabilities - An information-disclosure vulnerability - An authentication-bypass vulnerability An attacker can exploit these issues to execute arbitrary...
COMTREND CT-536 / HG-536 Routers - Multiple Remote Vulnerabilities
source: https://www.securityfocus.com/bid/32975/info COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities: - Multiple unauthorized-access vulnerabilities - An information-disclosure vulnerability - Multiple cross-site scripting vulnerabilities - A denial-of-service vulnerabilit...
FreeBSD : mediawiki -- multiple vulnerabilities (61b07d71-ce0e-11dd-a721-0030843d3802)
The MediaWiki development team reports: Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Certain unspecified input related to uploads ...