phpList -- SQL injection and XSS vulnerability
Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...
Open Journal Systems (OJS) 2.3.6 - 'index.php?authors[][url]' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletion vulnerability 2. A security vulnerability 3. An arbitrary-file-upload...
CMSimple 3.3 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52661/info CMSimple is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...
TWiki 'organization' XSS Vulnerability
TWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:twiki:twiki";...
Symantec IM Manager Multiple Cross Site Scripting vulnerabilities (CVE-2011-0552)
Multiple cross-site scripting vulnerabilities have been reported in Symantec IM Manager. The vulnerabilities are due to improper sanitization of URL parameters input by the IM Manager management console. A remote attacker could exploit these vulnerabilities by enticing users to click on a link...
Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities
Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/52471/info Max's Guestbook is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser,...
Direct Manipulation XSS
Ruby on Rails contains a flaw that allows a remote cross-site scripting XSS attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '' and other methods. This may allow a user to create a specially crafted request that would execute...
Litespeed Web Server - gtitle Cross-Site Scripting
Litespeed Web Server - gtitle Cross-Site Scripting source: https://www.securityfocus.com/bid/55946/info LiteSpeed Web Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in t...
Litespeed Web Server - 'gtitle' Cross-Site Scripting
source: https://www.securityfocus.com/bid/55946/info LiteSpeed Web Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context o...
Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting
source: https://www.securityfocus.com/bid/52416/info Synology Photo Station is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...
Singapore 0.10.1 - gallery Cross-Site Scripting
Singapore 0.10.1 - gallery Cross-Site Scripting source: https://www.securityfocus.com/bid/52399/info singapore is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...
Singapore 0.10.1 - 'gallery' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52399/info singapore is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
EJBCA 4.0.7 - 'issuer' Cross-Site Scripting
source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...
PHPMyVisites 2.4 - PHPmv2index.php Multiple Cross-Site Scripting Vulnerabilities
PHPMyVisites 2.4 - PHPmv2index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52377/info phpMyVisites is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to...
XWiki Enterprise Multiple Cross-Site Scripting Vulnerabilities
The host is running XWiki Enterprise and is prone to cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbxwikienterprisemultxssvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ XWiki Enterprise Multiple Cross-Site Scripting Vulnerabilities Authors: Rachana Shetty Copyright:...
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting HTML Injection Vulnerabilities
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/52356/info Ilient SysAid is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...
Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities
BUGTRAQ ID: 52264 Ruby on Rails (RoR or Rails for short) is an open-source web application framework written in the Ruby language and developed strictly according to the MVC structure. Input passed via direct manipulation of SafeBuffer is not properly filtered, and certain input passed via manually generated select tags is not properly filtered, allowing arbitrary HTML and script code to be executed in the user's browser. Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 3.0.x Vendor patch: Ruby ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage: http://www.ruby-lang.org/...
Etano 1.201.22 - photo_search.php Multiple Cross-Site Scripting Vulnerabilities
Etano 1.201.22 - photo_search.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52295/info Etano is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues t...
Etano 1.20/1.22 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/52295/info Etano is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
LDAP Account Manager Pro 3.6 Cross-Site Scripting and HTML Injection Vulnerabilities
LDAP Account Manager (LAM) is a browser-based LDAP account management system. LDAP Account Manager (LAM) contains multiple persistent input validation vulnerabilities that allow an attacker to execute malicious script code in the context of the application; successful exploitation allows manipulation of data or hijacking of user/mod/admin sessions. It is also affected by a client-side cross-site scripting vulnerability that allows an attacker to hijack the target user/admin session. LDAP Account Manager Pro 3.6 Vendor solution: No detailed solution is currently available: http://lam.sourceforge.net/index.htm...