6664 matches found
PHPBB2 Plus 1.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13150/info phpBB2 Plus is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute...
PHPBB2 Plus 1.5 - 'viewtopic.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13153/info phpBB2 Plus is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the brows...
Microsoft Internet Explorer Content Advisor File Handling Buffer Overflow Vulnerability
Description Microsoft Internet Explorer is prone to a remote buffer overflow vulnerability when handling malformed Content Advisor files. An attacker can exploit this issue by crafting a Content Advisor file with excessive data and arbitrary machine code to be processed by the browser. A typical...
GLSA-200504-08 : phpMyAdmin: XSS vulnerability
The remote host is affected by the vulnerability described in GLSA-200504-08 (phpMyAdmin: XSS vulnerability). Oriol Torrent Santiago has discovered that phpMyAdmin fails to validate input to the 'convcharset' variable, rendering it vulnerable to cross-site scripting attacks. Impact: By sending a...
Microsoft Internet Explorer DHTML Object Race Condition Memory Corruption Vulnerability
Description A vulnerability in Microsoft Internet Explorer may allow remote attackers to execute arbitrary code in the context of users visiting malicious Web sites. This issue presents itself when the affected application attempts to process certain script objects; a race condition may lead to the...
Comersus Cart comersus_searchItem.asp curPage Parameter XSS
The version of Comersus Cart installed on the remote host fails to properly sanitize user input to the 'curPage' parameter of the 'comersus_searchItem.asp' script. An attacker can exploit this vulnerability to cause arbitrary HTML and script code to be executed in a user's browser within the conte...
XAMPP - Phonebook.php Multiple Remote HTML Injection Vulnerabilities
source: https://www.securityfocus.com/bid/13127/info XAMPP is prone to multiple remote HTML-injection vulnerabilities because the software fails to properly sanitize user-supplied input before including it in dynamically generat...
PostNuke < 0.760 RC4 Multiple XSS and SQL Injection Vulnerabilities
PHP-Nuke 7.6 - banners.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/13026/info PHP-Nuke is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this...
Active Auction House - 'sendpassword.asp' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/13038/info Active Auction House is reportedly affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...
Active Auction House - 'WatchThisItem.asp' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13039/info Active Auction House is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code...
SonicWALL SOHO Web Interface XSS
The remote host is a SonicWALL SOHO appliance. This version is affected by multiple issues, specifically a cross-site scripting vulnerability due to a lack of sanitization of user-supplied data. Successful exploitation of this issue may allow an attacker to execute malicious script code on a...
Ocean12 Membership Manager Pro - Cross-Site Scripting
source: https://www.securityfocus.com/bid/13046/info Ocean12 Membership Manager Pro is reportedly affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
PHP-Nuke 6.x/7.x Downloads Module - Lid Cross-Site Scripting
source: https://www.securityfocus.com/bid/13011/info It is reported that the PHP-Nuke 'Downloads' module is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize...
ProfitCode Software PayProCart 3.0 - 'Usrdetails.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/13002/info PayProCart is prone to a cross-site scripting vulnerability affecting the 'usrdetails.php' script. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft ...
Alstrasoft EPay Pro 2.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12974/info It is reported that EPay Pro is affected by various cross-site scripting vulnerabilities. These problems present themselves when malicious HTML and script code is sent to the application through multiple parameters. This issue may allow for the...
Chatness 2.5 - 'Message Form' HTML Injection
source: https://www.securityfocus.com/bid/12929/info Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields. Exploitation will allow an attacker to inject hostile HTML and script code into the session of another user. An attacker could...
Chatness 2.5 - Message Form HTML Injection
source: https://www.securityfocus.com/bid/12929/info Chatness is prone to an HTML injection vulnerability. This issue is exposed through various chat message form fields. Exploitation will allow an attacker to inject hostile HTML and script code into the...
CPG Dragonfly 9.0.2.0 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/12930/info CPG Dragonfly is prone to multiple cross-site scripting vulnerabilities in various modules. An attacker may leverage these issues to have arbitrary script code executed in th...
ACS Blog 0.8/0.9/1.0/1.1 - 'Name' HTML Injection
source: https://www.securityfocus.com/bid/12921/info ACS Blog is affected by an HTML injection vulnerability. The issue affects the 'Name' field and may be exploited to execute arbitrary HTML and script code in the browser of the user when the user views an affected Web page. Name:...