Elastic Path 4.1 - managerFileManager.jsp?dir Traversal Arbitrary Directory Listing

Elastic Path 4.1 - managerFileManager.jsp?dir Traversal Arbitrary Directory Listing source: https://www.securityfocus.com/bid/28352/info Elastic Path is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local...

News-Template 0.5beta - print.php Multiple Cross-Site Scripting Vulnerabilities

News-Template 0.5beta - print.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/28353/info News-Template is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these...

News-Template 0.5beta - 'print.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/28353/info News-Template is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user ...

MyBlog 1.x - SQL Injection / Remote File Inclusion

source: https://www.securityfocus.com/bid/28313/info MyBlog is prone to multiple input-validation vulnerabilities, including: - Multiple SQL-injection vulnerabilities - Multiple remote file-include vulnerabilities - A privilege-escalation vulnerability An attacker may exploit these issues to...

CS-Cart 1.3.2 - index.php Cross-Site Scripting

CS-Cart 1.3.2 - index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28333/info CS-Cart is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...

webSPELL 4.1.2 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28294/info webSPELL is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

phpStats 0.1_alpha - 'phpStats.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28291/info The 'phpstats' program is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script...

RSA WebID 5.3 - IISWebAgentIF.dll Cross-Site Scripting

RSA WebID 5.3 - IISWebAgentIF.dll Cross-Site Scripting source: https://www.securityfocus.com/bid/28277/info RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

RSA WebID 5.3 - 'IISWebAgentIF.dll' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28277/info RSA WebID is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...

SNewsCMS 2.x - search.php Cross-Site Scripting

SNewsCMS 2.x - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/28262/info SNewsCMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this...

Chris LaPointe Download Center 1.2 - login Action Multiple Cross-Site Scripting Vulnerabilities

Chris LaPointe Download Center 1.2 - login Action Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/28219/info Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker...

EasyImageCatalogue 1.31 - describe.php?d Cross-Site Scripting

EasyImageCatalogue 1.31 - describe.php?d Cross-Site Scripting source: https://www.securityfocus.com/bid/28164/info onlinetools.org EasyImageCatalogue is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these...

eWeather - 'chart' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28241/info eWeather is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Chris LaPointe Download Center 1.2 - search Cross-Site Scripting

Chris LaPointe Download Center 1.2 - search Cross-Site Scripting source: https://www.securityfocus.com/bid/28219/info Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to...

Jeebles Directory 2.9.60 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/28221/info Jeebles Directory is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...

EasyImageCatalogue 1.31 - 'thumber.php?dir' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28164/info onlinetools.org EasyImageCatalogue is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

EasyImageCatalogue 1.31 - 'addcomment.php?d' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28164/info onlinetools.org EasyImageCatalogue is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

awstats -- multiple XSS vulnerabilities

Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...

Chris LaPointe Download Center 1.2 - 'search' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28219/info Download Center is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting use...

EasyImageCatalogue 1.31 - 'describe.php?d' Cross-Site Scripting

source: https://www.securityfocus.com/bid/28164/info onlinetools.org EasyImageCatalogue is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...