Happymall E-Commerce Software 4.34.4 - Normal_HTML.cgi Cross-Site Scripting
source: https://www.securityfocus.com/bid/7557/info It has been reported that Happymall E-Commerce is prone to cross-site scripting attacks. The problem occurs due to insufficient sanitization of user-supplied URI...
Basic Analysis and Security Engine (BASE) 1.2.4 - PrintFreshPage Cross-Site Scripting
source: https://www.securityfocus.com/bid/17391/info BASE is prone to a cross-site scripting vulnerability. The application fails to properly sanitize user-supplied input in the 'PrintFreshPage' function. An...
Opera 7.0 - JavaScript Console Attribute Injection
source: https://www.securityfocus.com/bid/6755/info A vulnerability has been reported for Opera 7 browsers for Microsoft Windows operating systems. The vulnerability exists in the Opera JavaScript console. Attackers may exploit the vulnerability ...
Geeklog 1.3.7 - 'profiles.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/6601/info The Geeklog 'profiles.php' script is prone to multiple cross-site scripting vulnerabilities. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site...
Geeklog 1.3.7 - 'users.php?uid' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6602/info Geeklog is prone to a cross-site scripting vulnerability in the 'users.php' script. This issue is due to insufficient sanitization of input submitted in URI parameters. As a result, an attacker may create a malicious link to a site hosting...
W-Agora 4.1.6 - 'EditForm.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6464/info W-Agora is a freely available, open source PHP forum software package. It is available for Unix and Linux systems. A problem with W-Agora may make cross-site scripting attacks possible. It has been reported that W-Agora has a vulnerability in th...
Working Resources BadBlue 1.7.1 - Search Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/6253/info The ext.dll ISAPI does not sufficiently sanitize user-supplied input when processing search queries. This may allow an attacker to create a custom URL containing script code that, when viewed in a browser by a legitimate user, will result in the...
Ultimate PHP Board Board 1.0 final Beta - viewtopic.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/6335/info Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems. By passing a malicious script co...
Microsoft Internet Explorer 5 - Document Reference Zone Bypass
source: https://www.securityfocus.com/bid/5841/info A vulnerability has been reported in Microsoft Internet Explorer that may allow for remote attackers to execute script code in the context of other domains/security Zones. The cause...
ACWeb 1.141.8 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5793/info acWEB is prone to cross-site scripting attacks. It is possible to construct a malicious link to the web server which contains arbitrary script code. When the link is visited, the script code will be executed ...
phpGB 1.1 - HTML Injection
source: https://www.securityfocus.com/bid/5676/info phpGB is subject to HTML injection attacks. phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries,...
GNU Mailman 2.0.x - Subscribe Cross-Site Scripting
source: https://www.securityfocus.com/bid/5298/info GNU Mailman is prone to a cross-site scripting vulnerability. Arbitrary HTML and script code are not sanitized from the URI parameters of mailing list subscribe scripts. An attacker may exploit this issue by creating a malicious link containing...
Microsoft Internet Explorer 5/6 - OBJECT Tag Same Origin Policy Violation
source: https://www.securityfocus.com/bid/5196/info Microsoft Internet Explorer allows script code to violate the same origin policy through usage of the HTML OBJECT tag. Malicious script code may obtain a legitimate reference to an embedded object containing a web page from the same domain. This...
BBC Education Betsie 1.5 - Parserl.pl Cross-Site Scripting
source: https://www.securityfocus.com/bid/5135/info Betsie (BBC Education Text to Speech Internet Enhancer) is prone to a cross-site scripting vulnerability. This issue exists in the parserl.pl script. Attackers may exploit this condition v...
PHP Classifieds 6.0.5 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/5022/info PHP Classifieds has been reported to be prone to cross-site scripting attacks. Attackers may inject arbitrary HTML or script code into URI parameters in a malicious link. When the malicious link is...
Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the 'index.php' or 'comment.php' script. Such a malicious link might b...
SunShop Shopping Cart 1.52.x - User-Embedded Scripting
source: https://www.securityfocus.com/bid/4506/info SunShop is commercial web store software. It is written in PHP, and will run on most Unix and Linux operating systems as well as Microsoft Windows. SunShop allows attackers to embed arbitrar...
ReBB 1.0 - Image Tag Cross-Agent Scripting
source: https://www.securityfocus.com/bid/4220/info ReBB is web forum software which will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is written in PHP and may be back-ended by a number of databases. ReBB allows users to include images in forum messages...