6666 matches found
net4visions (Multiple Products) - dir Multiple Cross-Site Scripting Vulnerabilities
net4visions Multiple Products - dir Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49675/info net4visions is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these...
Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting
Toko Lite CMS 1.5.2 - HTTP Response Splitting Cross-Site Scripting source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...
Toko Lite CMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting
source: https://www.securityfocus.com/bid/49673/info Toko LiteCMS is prone to an HTTP-response-splitting vulnerability and multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
net4visions (Multiple Products) - 'dir' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/49675/info net4visions is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
iManager Plugin 1.2.8 Cross Site Scripting
iManager Plugin v1.2.8 dir Remote Cross-Site Scripting Vulnerability Vendor: net4visions.com Product web page: http://www.net4visions.com Affected version: alert'zsl' http://SOMECMS/jscripts/tinymce/plugins/imanager/scripts/phpThumb/demo/phpThumb.demo.random.php?dir=alert'zsl'...
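phpMyAdmin Multiple HTML Injection Vulnerabilities
BUGTRAQ ID: 49648 phpMyAdmin is a tool written in PHP for controlling and operating MySQL databases through the web. phpMyAdmin's implementation contains multiple HTML injection vulnerabilities; a remote attacker can exploit them to execute arbitrary script code in the browser of a user of the affected site and steal cookie credentials. 1) After inline editing and saving, input in certain row contents is used without being properly filtered, which can be exploited to execute inserted arbitrary HTML and script code when the malicious data is viewed. 2) Certain input passed to table, column and index names is not properly filtered before use, which can be exploited to insert arbitrary HTML and script code that then executes in the user's browser when viewed. phpMyAdmin 3.x Vendor patch:...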
iManager Plugin v1.2.8 (dir) Remote Cross-Site Scripting Vulnerability
Summary With iManager you can manage your files/images on your webserver, and it provides user interface to most of the phpThumb functions. It works either stand-alone or as a plugin to WYSIWYG editors like tinyMCE, SPAW, htmlAREA, Xinha and FCKeditor. Description iManager suffers from a XSS...
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
PunBB 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49660/info PunBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...
Microsoft SharePoint CVE-2011-1893 Cross Site Scripting Vulnerability
Description Microsoft SharePoint is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Zikula Application Framework 'themename' Parameter Cross Site Scripting Vulnerability
Zikula Application Framework is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may...
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities
Papoo CMS Light 4.0 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/49587/info Papoo CMS Light is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Orion Network Performance Monitor 10.1.3 - CustomChart.aspx Cross-Site Scripting
Orion Network Performance Monitor 10.1.3 - CustomChart.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/49614/info Orion Network Performance Monitor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can explo...
Orion Network Performance Monitor 10.1.3 - 'CustomChart.aspx' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49614/info Orion Network Performance Monitor is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting...
FortiAnalyzer Appliance - Multiple Web Vulnerabilities
Document Title: FortiAnalyzer Appliance - Multiple Web Vulnerabilities References Source: http://www.vulnerability-lab.com/getcontent.php?id=145 Release Date: 2011-09-11 Vulnerability Laboratory ID VL-ID: 145...
Zikula 1.3.0 Cross Site Scripting
Vulnerability ID: HTB23039 Reference: https://www.htbridge.ch/advisory/xssinzikula.html Product: Zikula Application Framework Vendor: Zikula Software Foundation http://zikula.org/ Vulnerable Version: 1.3.0, build 3168 and probably prior Tested Version: 1.3.0, build 3168 Vendor Notification: 17...
Hastymail2 Multiple Cross Site Scripting Vulnerabilities
Hastymail2 is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Hastymail2 < 1.1 RC1 Multiple XSS Vulnerabilities
Hastymail2 is prone to multiple cross-site scripting (XSS) vulnerabilities because it fails to sufficiently sanitize user-supplied data. Copyright (C) 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders...
SkaDate - 'blogs.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/49502/info SkaDate is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
MantisBT 1.2.7 Cross Site Scripting / Local File Inclusion
Vulnerability ID: HTB23045 Reference: https://www.htbridge.ch/advisory/multiplevulnerabilitiesinmantisbt.html Product: MantisBT Vendor: www.mantisbt.org http://www.mantisbt.org/ Vulnerable Version: 1.2.7 and probably prior Tested Version: 1.2.7 Vendor Notification: 31 August 2011 Vulnerability...
Kisanji - gr Cross-Site Scripting
Kisanji - gr Cross-Site Scripting source: https://www.securityfocus.com/bid/49468/info Kisanji is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...