Cross-site Scripting (XSS) Vulnerability in NinkoBB
High-Tech Bridge SA Security Research Lab has discovered a vulnerability in NinkoBB which could be exploited to perform cross-site scripting attacks. 1) Cross-site scripting (XSS) vulnerability in NinkoBB: CVE-2010-4874 The vulnerability exists due to input sanitation error in parameters...
Cross-site Request Forgery (CSRF) Vulnerabilities in BlogBird
High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in BlogBird which could be exploited to perform cross-site request forgery attacks. 1) Cross-site request forgery (CSRF) in BlogBird 1.1 The vulnerability exists due to insufficient validation of the request origin in...
MS10-072: Vulnerabilities in SafeHTML Could Allow Information Disclosure (2412048)
The versions of SharePoint Services, SharePoint Server, Groove, or Office Web Apps installed on the remote host have multiple cross-site scripting vulnerabilities. A remote attacker could exploit them by tricking a user into making a malicious request, resulting in arbitrary script code execution...
AdaptCMS 'init.php' Remote File Include Vulnerability
AdaptCMS is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information or to execute arbitrary script code in the context of the webserver process. This may allow th...
Joomla! Mambo Component com_trade - PID Cross-Site Scripting
source: https://www.securityfocus.com/bid/43915/info The 'com_trade' component for Joomla! and Mambo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. Exploiting this...
Lantern CMS - 11-login.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/43865/info Lantern CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
OPEN IT OverLook 5 - title.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/43872/info OverLook is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in...
OPEN IT OverLook 5 - 'title.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43872/info OverLook is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context ...
Design/Logic Flaw
The PL/php add-on 1.4 and earlier for PostgreSQL does not properly protect script execution by a different SQL user identity within the same session, which allows remote authenticated users to gain privileges via crafted script code in a SECURITY DEFINER function, a related issue to CVE-2010-3433...
SurgeMail SurgeWeb Cross Site Scripting Vulnerability
SurgeMail is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...
SquirrelMail Virtual Keyboard Plugin - 'vkeyboard.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43749/info The Virtual Keyboard plugin for SquirrelMail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
SurgeMail < 4.3g XSS Vulnerability
SurgeMail is prone to a cross-site scripting (XSS) vulnerability because it fails to sufficiently sanitize user-supplied input. Copyright (C) 2010 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
Netautor Professional 'login2.php' XSS Vulnerability
Netautor Professional is prone to a cross-site scripting (XSS) vulnerability.
NetArt Media Car Portal Multiple Cross-site Scripting Vulnerabilities
NetArt Media Car Portal is prone to multiple cross-site scripting vulnerabilities.
Zen Cart Multiple Input Validation Vulnerabilities
Zen Cart is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and HTML-injection issues. Exploiting these issues can allow attacker-supplied HTML and script code to run ...
Docebo 3.6 - description Cross-Site Scripting
source: https://www.securityfocus.com/bid/43721/info Docebo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...
TikiWiki 'tiki-edit_wiki_section.php' type Parameter XSS
The installed version of TikiWiki fails to sanitize user-supplied input to the 'type' parameter in the 'tiki-edit_wiki_section.php' script before using it to generate dynamic HTML content. An unauthenticated, remote attacker may be able to leverage this issue to inject arbitrary HTML or script code...
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (2)
source: https://www.securityfocus.com/bid/41973/info Portili Personal and Team Wiki are prone to multiple security vulnerabilities. These vulnerabilities include a cross-site scripting vulnerability, an arbitrary-file-upload vulnerability, and multiple information-disclosure vulnerabilities...
Docebo 3.6 - 'description' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43721/info Docebo is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...
Surgemail SurgeWeb 4.3e - Cross-Site Scripting
source: https://www.securityfocus.com/bid/43679/info SurgeMail is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context...