html-edit CMS 3.1.x - 'html_output' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47576/info html-edit CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Football Website Manager 1.1 - SQL Injection / Multiple HTML Injection Vulnerabilities

source: https://www.securityfocus.com/bid/47593/info Football Website Manager is prone to an SQL-injection vulnerability and multiple HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application,...

phpList 2.10.x - 'email' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47580/info PHPList is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

WordPress Plugin WP Ajax Recent Posts 1.0.1 - do Cross-Site Scripting

WordPress Plugin WP Ajax Recent Posts 1.0.1 - do Cross-Site Scripting source: https://www.securityfocus.com/bid/47579/info The WP Ajax Recent Posts WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage...

PHP F1 Maxs Photo Album - showimage.php Cross-Site Scripting

PHP F1 Maxs Photo Album - showimage.php Cross-Site Scripting source: https://www.securityfocus.com/bid/47582/info PHP F1 Max's Photo Album is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...

WordPress Plugin WP Ajax Recent Posts 1.0.1 - 'do' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47579/info The WP Ajax Recent Posts WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

Dolibarr ERPCRM 3.0 - Local File Inclusion Cross-Site Scripting

Dolibarr ERPCRM 3.0 - Local File Inclusion Cross-Site Scripting source: https://www.securityfocus.com/bid/47542/info Dolibarr is prone to a local file-include vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit...

docuFORM Mercury WebApp 6.16a/5.20 Multiple XSS Vulnerabilities

Exploit for php platform in category web applications docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities function xss1document.forms"xss1".submit; function xss2document.forms"xss2".submit; alert1" / input type="hidd...

Cross-site Scripting (XSS) Vulnerability in AJAX Calendar

High-Tech Bridge SA Security Research Lab has discovered vulnerability in AJAX Calendar which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in AJAX Calendar The vulnerability exists due to input sanitation error in the "y" parameter in...

Automagick Tube Script 1.4.4 - 'module' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47519/info Automagick Tube Script is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

Cross-site Scripting (XSS) Vulnerability in (e)2 interactive Photo Gallery

High-Tech Bridge SA Security Research Lab has discovered vulnerability in e2 interactive Photo Gallery which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in e2 interactive Photo Gallery The vulnerability exists due to input sanitation error ...

Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService?e1.namespace' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This m...

Dalbum 1.43 - 'editini.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47427/info Dalbum is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

ChatLakTurk PHP Botlu Video - 'ara.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47428/info ChatLakTurk PHP Botlu Video is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting us...

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/47500/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...

Dalbum 1.43 - editini.php Cross-Site Scripting

Dalbum 1.43 - editini.php Cross-Site Scripting source: https://www.securityfocus.com/bid/47427/info Dalbum is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeMafletClose.mafService?RENDER_MAFLET Cross-Site Scripting

Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - jdeMafletClose.mafService?RENDERMAFLET Cross-Site Scripting source: https://www.securityfocus.com/bid/47479/info Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these...

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities

webSPELL 4.2.2a - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47500/info webSPELL is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...

ChillyCMS 1.2.1 - Multiple Remote File Inclusions

ChillyCMS 1.2.1 - Multiple Remote File Inclusions source: https://www.securityfocus.com/bid/47395/info chillyCMS is prone to multiple remote file-include vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Exploiting these issues may allow a remote attacker...

Technicolor THOMSON TG585v7 Wireless Router - 'url' Cross-Site Scripting

source: https://www.securityfocus.com/bid/47390/info Technicolor THOMSON TG585v7 Wireless Router is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. Attackers may exploit this issue by enticing victims into visiting a malicious...