6665 matches found
[SA23656] b2evolution "redirect_to" HTML Attribute Cross-Site Scripting
phpBB 2.0.21 - privmsg.php HTML Injection
phpBB 2.0.21 - privmsg.php HTML Injection source: https://www.securityfocus.com/bid/22001/info phpBB is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...
phpBB (privmsg.php) XSS Exploit
phpBB privmsg.php XSS Exploit By: Demential Web: http://headburn.altervista.org PhpBB website: http://phpbb.com Exploit tested on phpBB 2.0.21 Secunia.com said: Input passed to the form field "Message body" in privmsg.php is not properly sanitised before it is returned to...
MediaWiki 1.x - AJAX index.php Cross-Site Scripting
MediaWiki 1.x - AJAX index.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...
MediaWiki 1.x - 'AJAX index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21956/info MediaWiki is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in th...
Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability
No description provided by source. Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context o...
Adobe Acrobat Reader Plugin 7.0.x - acroreader Cross-Site Scripting
Adobe Acrobat Reader Plugin 7.0.x - acroreader Cross-Site Scripting Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a...
EditTag 1.2 - mkpw_mp.cgi?plain Cross-Site Scripting
EditTag 1.2 - mkpw_mp.cgi?plain Cross-Site Scripting source: https://www.securityfocus.com/bid/21891/info EditTag is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
[SA23484] OvBB Script Insertion Vulnerability
TITLE: OvBB Script Insertion Vulnerability SECUNIA ADVISORY ID: SA23484 VERIFY ADVISORY: http://secunia.com/advisories/23484/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: OvBB 0.x http://secunia.com/product/13131/ DESCRIPTION: A vulnerability has been...
RI Blog 1.3 - search.asp Cross-Site Scripting
RI Blog 1.3 - search.asp Cross-Site Scripting source: https://www.securityfocus.com/bid/21880/info RI Blog is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...
Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability
Exploit for unknown platform in category remote exploits. Adobe Acrobat Reader Plugin <= 7.0.x (acroreader) XSS Vulnerability. Stefano Di Paola http://www.wisec.it/...
[SA23623] Serene Bach Unspecified Cross-Site Scripting Vulnerability
TITLE: Serene Bach Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA23623 VERIFY ADVISORY: http://secunia.com/advisories/23623/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: Serene Bach 2.x http://secunia.com/product/13155/ Serene Bach sb 1...
Adobe Acrobat Reader Plugin 7.0.x - 'acroreader' Cross-Site Scripting
Stefano Di Paola http://www.wisec.it/ From Secunia: Input passed to a hosted PDF file is not properly sanitised by the browser plug-in before being returned to users. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site. Example: -...
MyServer 0.9.8 - Post.MSCGI Cross-Site Scripting
MyServer 0.9.8 - Post.MSCGI Cross-Site Scripting source: https://www.securityfocus.com/bid/24583/info MyServer is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script...
AShop Deluxe 4.5 - search.php Cross-Site Scripting
AShop Deluxe 4.5 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may...
AShop Deluxe 4.5 - 'editcatalogue.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may leverage these issues to have arbitrary script code...
AShop Deluxe 4.5 - editcatalogue.php Cross-Site Scripting
AShop Deluxe 4.5 - editcatalogue.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker ma...
VCard Pro - gbrowse.php Cross-Site Scripting
VCard Pro - gbrowse.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21844/info vCard PRO is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...
VCard Pro - 'gbrowse.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21844/info vCard PRO is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user ...
AShop Deluxe 4.5 - shipping.php Cross-Site Scripting
AShop Deluxe 4.5 - shipping.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21845/info AShop Deluxe and AShop Administration Panel are prone to multiple cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied input data. An attacker may...