6666 matches found

FreeBSD
added 2012/03/21 12:0 a.m., 26 views

phpList -- SQL injection and XSS vulnerability

Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...

AI score 6.9
Exploits: 0, References: 2
Exploit DB
added 2012/03/21 12:0 a.m., 47 views

Open Journal Systems (OJS) 2.3.6 - 'index.php?authors[][url]' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52666/info Open Journal Systems is prone to following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input: 1. An arbitrary-file-deletion vulnerability 2. A security vulnerability 3. An arbitrary-file-upload...

AI score 7.4
Exploits: 0
Exploit DB
added 2012/03/21 12:0 a.m., 33 views

CMSimple 3.3 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52661/info CMSimple is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affect...

AI score 7.4
Exploits: 0
OpenVAS
added 2012/03/20 12:0 a.m., 30 views

TWiki 'organization' XSS Vulnerability

TWiki is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:twiki:twiki";...

CVSS 4.3, AI score 5.7, EPSS 0.02133
Exploits: 1, References: 5
Check Point Advisories
added 2012/03/19 12:0 a.m., 4 views

Symantec IM Manager Multiple Cross Site Scripting vulnerabilities (CVE-2011-0552)

Multiple cross-site scripting vulnerabilities have been reported in Symantec IM Manager. The vulnerabilities are due to improper sanitization of URL parameters input by the IM Manager management console. A remote attacker could exploit these vulnerabilities by enticing users to click on a link...

CVSS 4.3, AI score 6.4, EPSS 0.03456
Exploits: 0
exploitpack
added 2012/03/14 12:0 a.m., 10 views

Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities

Maxs Guestbook 1.0 - Multiple Remote Vulnerabilities source: https://www.securityfocus.com/bid/52471/info Max's Guestbook is prone to multiple remote vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser,...

AI score 0.2
Exploits: 0
GitLab Advisory Database
added 2012/03/13 12:0 a.m., 29 views

Direct Manipulation XSS

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '' and other methods. This may allow a user to create a specially crafted request that would execute...

CVSS 4.3, AI score 3.2, EPSS 0.02137
Exploits: 0, References: 2, Affected Software: 1
exploitpack
added 2012/03/12 12:0 a.m., 11 views

Litespeed Web Server - gtitle Cross-Site Scripting

Litespeed Web Server - gtitle Cross-Site Scripting source: https://www.securityfocus.com/bid/55946/info LiteSpeed Web Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in t...

AI score 6.8
Exploits: 0
Exploit DB
added 2012/03/12 12:0 a.m., 29 views

Litespeed Web Server - 'gtitle' Cross-Site Scripting

source: https://www.securityfocus.com/bid/55946/info LiteSpeed Web Server is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context o...

AI score 7.4
Exploits: 0
Exploit DB
added 2012/03/12 12:0 a.m., 35 views

Synology Photo Station 5 DSM 3.2 - 'photo_one.php' Script Cross-Site Scripting

source: https://www.securityfocus.com/bid/52416/info Synology Photo Station is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...

AI score 7.4
Exploits: 0
exploitpack
added 2012/03/11 12:0 a.m., 20 views

Singapore 0.10.1 - gallery Cross-Site Scripting

Singapore 0.10.1 - gallery Cross-Site Scripting source: https://www.securityfocus.com/bid/52399/info singapore is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of ...

AI score 6.8
Exploits: 0
Exploit DB
added 2012/03/11 12:0 a.m., 36 views

Singapore 0.10.1 - 'gallery' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52399/info singapore is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...

AI score 7.4
Exploits: 0
Exploit DB
added 2012/03/11 12:0 a.m., 22 views

EJBCA 4.0.7 - 'issuer' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52400/info EJBCA is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of t...

AI score 7.4
Exploits: 0
exploitpack
added 2012/03/09 12:0 a.m., 9 views

PHPMyVisites 2.4 - PHPmv2index.php Multiple Cross-Site Scripting Vulnerabilities

PHPMyVisites 2.4 - PHPmv2index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52377/info phpMyVisites is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to...

AI score 0.1
Exploits: 0
OpenVAS
added 2012/03/09 12:0 a.m., 34 views

XWiki Enterprise Multiple Cross-Site Scripting Vulnerabilities

The host is running XWiki Enterprise and is prone to cross site scripting vulnerabilities. OpenVAS Vulnerability Test $Id: gbxwikienterprisemultxssvuln.nasl 7573 2017-10-26 09:18:50Z cfischer $ XWiki Enterprise Multiple Cross-Site Scripting Vulnerabilities Authors: Rachana Shetty Copyright:...

CVSS 4.3, AI score 6.6, EPSS 0.01194
Exploits: 1, References: 4
exploitpack
added 2012/03/08 12:0 a.m., 10 views

Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting HTML Injection Vulnerabilities

Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting HTML Injection Vulnerabilities source: https://www.securityfocus.com/bid/52356/info Ilient SysAid is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...

Exploits: 0
seebug.org
added 2012/03/06 12:0 a.m., 26 views

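Ruby on Rails Multiple Cross-Site Scripting Vulnerabilities

BUGTRAQ ID: 52264 Ruby on Rails, abbreviated RoR or Rails, is an open-source web application framework written in Ruby that strictly follows the MVC architecture. Input passed via direct manipulation of SafeBuffer is not properly filtered, and certain input passed via manually generated select tags is not properly filtered, leading to execution of arbitrary HTML and script code in the user's browser 0 Ruby on Rails 3.2.x Ruby on Rails 3.1.x Ruby on Rails 3.0.x Vendor patch: Ruby ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page: http://www.ruby-lang.org/...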

AI score 6.9
Exploits: 0
exploitpack
added 2012/03/05 12:0 a.m., 14 views

Etano 1.201.22 - photo_search.php Multiple Cross-Site Scripting Vulnerabilities

Etano 1.201.22 - photosearch.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/52295/info Etano is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues t...

Exploits: 0
Exploit DB
added 2012/03/05 12:0 a.m., 30 views

Etano 1.20/1.22 - 'search.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/52295/info Etano is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

AI score 7.4
Exploits: 0
seebug.org
added 2012/03/03 12:0 a.m., 25 views

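LDAP Account Manager Pro 3.6 Cross-Site Scripting and HTML Injection Vulnerabilities

LDAP Account Manager LAM is a browser-based LDAP account management system. LDAP Account Manager LAM has multiple persistent input validation vulnerabilities that allow an attacker to implement malicious script code on the application side; successful exploitation allows manipulating data or hijacking user/mod/admin sessions. It is also affected by client-side cross-site scripting vulnerabilities that allow an attacker to hijack the target user/admin session 0 LDAP Account Manager Pro 3.6 Vendor solution: No detailed solution is currently available: http://lam.sourceforge.net/index.htm...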

AI score 7.1
Exploits: 0