6664 matches found
flyspray -- cross-site scripting vulnerabilities
A Secunia Advisory reports: Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script...
RSA ACE Agent 5.x - Image Cross-Site Scripting
source: https://www.securityfocus.com/bid/15206/info RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...
phpMyAdmin: Local file inclusion and XSS vulnerabilities
Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...
Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable)
zomplog is prone to xss injection attacks. It is possible for a malicious zomplog user to inject hostile xss and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of zomplog. zomplog does not adequately filter xss tags...
Chipmunk Forum - newtopic.php?forumID Cross-Site Scripting
Chipmunk Forum - newtopic.php?forumID Cross-Site Scripting source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker...
Chipmunk Forum - 'quote.php?forumID' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...
Xerver 4.17 Server - URI Null Character Cross-Site Scripting
Xerver 4.17 Server - URI Null Character Cross-Site Scripting source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a...
Xerver 4.17 - Forced Directory Listing
Xerver 4.17 - Forced Directory Listing source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to...
MySource 2.14 - upgrade_in_progress_backend.php?target_url Cross-Site Scripting
MySource 2.14 - upgradeinprogressbackend.php?targeturl Cross-Site Scripting source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
MySource 2.14 - 'edit_table_props.php?bgcolor' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...
MySource 2.14 - 'upgrade_in_progress_backend.php?target_url' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...
MySource 2.14 - 'Span.php?PEAR_PATH' Remote File Inclusion
source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary...
MySource 2.14 - insert_table.php?bgcolor Cross-Site Scripting
MySource 2.14 - inserttable.php?bgcolor Cross-Site Scripting source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
MySource 2.14 - edit_table_props.php?bgcolor Cross-Site Scripting
MySource 2.14 - edittableprops.php?bgcolor Cross-Site Scripting source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...
Complete PHP - Counter Cross-Site Scripting
Complete PHP - Counter Cross-Site Scripting source: https://www.securityfocus.com/bid/15112/info Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue t...
YaPiG 0.95b - view.php?img_size Cross-Site Scripting
YaPiG 0.95b - view.php?imgsize Cross-Site Scripting source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting
source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...
Aenovo - Multiple Cross-Site Scripting Vulnerabilities
Aenovo - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage the...
Oracle HTML DB 1.51.6 - f?p Cross-Site Scripting
Oracle HTML DB 1.51.6 - f?p Cross-Site Scripting source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context...
Aenovo - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...