CactuShop XSS and SQL injection flaws
The remote host runs CactuShop, an e-commerce web application written in ASP. The remote version of this software is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in the script 'popuplargeimage.asp'. Successful exploitation of this issue may allow an...
ICECast XSS
The remote server runs a version of ICECast which is as old as or older than version 1.3.12. This version is affected by a cross-site scripting vulnerability in the status display functionality. This issue is due to a failure of the application to properly sanitize user-supplied input. As a resul...
RM SafetyNet Plus XSS
The remote host runs SafetyNet Plus, a popular educational filtering service. This version is vulnerable to multiple cross-site scripting issues due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerab...
vBulletin < 2.3.6, 3.0.x < 3.0.6 XSS Vulnerability
vBulletin is vulnerable to a cross-site scripting (XSS) issue, due to a failure of the application to properly sanitize user-supplied URI input. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective rig...
BlackBoard Internet Newsboard System remote file include flaw
The remote version of BlackBoard Internet Newsboard System is vulnerable to a remote file include flaw due to a lack of sanitization of user-supplied data. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
ASP-DEV XM Forum IMG Tag Script Injection Vulnerability
The remote web server contains an ASP script which is vulnerable to a cross-site scripting issue. Description: The remote host appears to be running the ASP-DEV XM Forum. There is a flaw in the remote software which may allow anyone to inject arbitrary HTML and script code through the BBCode IMG...
FuseTalk forum XSS
The remote host is using FuseTalk, a web-based discussion forum. A vulnerability exists in the script SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
Simple PHP Blog 0.4 - preview_static_cgi.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize...
Simple PHP Blog 0.4 - 'colors.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed i...
Simple PHP Blog 0.4 - colors.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15283/info Simple PHP Blog is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...
Snitz Forum 2000 - post.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/15241/info Snitz Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to ha...
Snitz Forum 2000 - 'post.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15241/info Snitz Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser ...
phpMyAdmin 2.7 - sql.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/17487/info PHPMyAdmin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
phpFaber CMS 1.3.36 - Htmlarea.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/20821/info phpFaber CMS is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
ASP Fast Forum - error.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/15233/info ASP Fast Forum is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to...
sparkleBlogXSS.txt
SparkleBlog is prone to HTML injection attacks. It is possible for a malicious SparkleBlog user to inject hostile HTML script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of SparkleBlog. SparkleBlog does not adequately...
PBLang 4.65 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15223/info PBLang is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...
FlatNuke 2.5.x - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/15176/info FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)
SparkleBlog is prone to HTML injection attacks. It is possible for a malicious SparkleBlog user to inject hostile HTML script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of SparkleBlog. SparkleBlog does not adequately...
PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection
source: https://www.securityfocus.com/bid/15218/info Search Enhanced module for is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...