Microsoft Outlook Web Access for Exchange Server Email Field Cross-Site Scripting Vulnerability

Description Microsoft Outlook Web Access OWA for Exchange Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

DodosMail 2.5 - 'dodosmail.php' Local File Inclusion

source: https://www.securityfocus.com/bid/30112/info DodosMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings to execute local script code in the context of the...

DodosMail 2.5 - dodosmail.php Local File Inclusion

DodosMail 2.5 - dodosmail.php Local File Inclusion source: https://www.securityfocus.com/bid/30112/info DodosMail is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability using directory-traversal strings ...

SA-2008-042 - Tinytax - Cross site scripting

The Tinytax taxonomy block displays a vocabulary as a tree within a block. The module displays certain values without appropriate filtering. Malicious users with the permission to create taxonomy terms are able to exploit this issue and insert arbitrary HTML and script code into pages. Such a cro...

CGIWrap Charset Specification Weakness Error Message XSS

The remote host is running CGIWrap, a wrapper for CGI scripts to provide enhanced security. The version of CGIWrap installed on the remote host does not specify a charset when responses are for error pages. An attacker may be able to leverage this issue to inject arbitrary HTML and script code in...

FaName 1.0 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/30019/info FaName is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

SA-2008-039 - Suggested terms - Cross site scripting

This module provides "suggested terms" for free-tagging Taxonomy fields based on terms already submitted. Taxonomy terms as presented in the clickable list are not properly sanitized. Users who are able to create new terms are able to insert arbitrary script code and HTML into certain edit pages...

Chipmunk Blog - archive.php Cross-Site Scripting

Chipmunk Blog - archive.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Chipmunk Blog - 'members.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities

A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/29912/info A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-includ...

phpmyadmin -- Cross Site Scripting Vulnerabilities

Secunia report: Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via unspecified parameters to files in /libraries is not properly sanitised before being returned to the user. This can be...

Chipmunk Blog - 'cat.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

Chipmunk Blog - photos.php Cross-Site Scripting

Chipmunk Blog - photos.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Benja CMS 0.1 - adminadmin_new_submenu.php Cross-Site Scripting

Benja CMS 0.1 - adminadminnewsubmenu.php Cross-Site Scripting source: https://www.securityfocus.com/bid/29884/info The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues...

A+ PHP Scripts News Management System 0.3 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/29912/info A+ PHP Scripts News Management System is prone to multiple input-validation vulnerabilities, including a remote file-include issue, multiple local file-include issues, and a cross-site scripting issue. An attacker can exploit these...

Chipmunk Blog - 'comments.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

PEGames - Multiple Cross-Site Scripting Vulnerabilities

PEGames - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/29865/info PEGames is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary...

Chipmunk Blog - 'archive.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29883/info Chipmunk Blog is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

Benja CMS 0.1 - '/admin/admin_new_submenu.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/29884/info The 'benja CMS' program is prone to multiple vulnerabilities because it fails to adequately validate input and restrict access. These issues include three cross-site scripting issues, an arbitrary-file-upload issue, and a vulnerability that...

Diigo Toolbar and Diigolet Comment Feature - HTML Injection Information Disclosure

Diigo Toolbar and Diigolet Comment Feature - HTML Injection Information Disclosure source: https://www.securityfocus.com/bid/29611/info Diigo Toolbar and Diigolet are prone to an HTML-injection vulnerability and an information-disclosure vulnerability when handling data via the 'comment' feature...