SA-CONTRIB-2010-051 - Heartbeat - Cross Site Scripting

The Heartbeat project contains a suite of modules to display user activity on a website. These modules do not properly sanitize some of their output, allowing certain users the ability to insert arbitrary HTML and script code. Such a cross site scripting XSS attack may lead to a malicious user...

SoftDirec 1.05 - 'delete_confirm.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40269/info SoftDirec is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. An attacker may leverage this issue to execute arbitrary script code in the...

gpEasy CMS 1.6.2 - editing_files.php Cross-Site Scripting

gpEasy CMS 1.6.2 - editingfiles.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40330/info gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...

NPDS REvolution 10.02 - download.php Cross-Site Scripting

NPDS REvolution 10.02 - download.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40227/info NPDS Revolution is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...

Joomla! Component JComments 2.1 - 'ComntrNam' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40230/info The JComments component for Joomla! is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecti...

Planet Script 1.x - 'idomains.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40203/info Planet Script is prone to a cross-site scripting vulnerability because the it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...

Damianov.net Shoutbox 1.0 Cross Site Scripting

Exploit Title: damianov.net Shoutbox XSS Vulnerability Date: 13.05.2010 Author: Valentin Category: webapps/0day Version: 1.0 Tested on: Debian, Apache2, PHP5 CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1 :::::::::::::::::::::::::::::::::::::: General Information Advisory/Exploit Title =...

NPDS REvolution 10.02 - topic Cross-Site Scripting

NPDS REvolution 10.02 - topic Cross-Site Scripting source: https://www.securityfocus.com/bid/40157/info NPDS Revolution is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute...

Secunia Research: TomatoCMS Script Insertion Vulnerabilities

====================================================================== Secunia Research 10/05/2010 - TomatoCMS Script Insertion Vulnerabilities - ====================================================================== Table of Contents Affected...

Saurus CMS 4.7 - 'edit.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/40059/info Saurus CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user ...

Saurus CMS 4.7 - edit.php Cross-Site Scripting

Saurus CMS 4.7 - edit.php Cross-Site Scripting source: https://www.securityfocus.com/bid/40059/info Saurus CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...

EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting

EasyPublish CMS 23.04.2010 - URI Cross-Site Scripting source: https://www.securityfocus.com/bid/40037/info EasyPublish CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script...

WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting Cross-Site Scripting

WordPress Plugin Cimy Counter 0.9.4 - HTTP Response Splitting Cross-Site Scripting source: https://www.securityfocus.com/bid/41132/info Cimy Counter for WordPress is prone to an HTTP response-splitting vulnerability and a cross-site scripting vulnerability because it fails to properly sanitize...

WordPress Plugin TYPO3 t3m_cumulus_tagcloud Extension 1.0 - HTML Injection Cross-Site Scripting

WordPress Plugin TYPO3 t3mcumulustagcloud Extension 1.0 - HTML Injection Cross-Site Scripting source: https://www.securityfocus.com/bid/39926/info TYPO3 't3mcumulustagcloud' extension is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize...

WordPress Plugin TYPO3 't3m_cumulus_tagcloud' Extension 1.0 - HTML Injection / Cross-Site Scripting

source: https://www.securityfocus.com/bid/39926/info TYPO3 't3mcumulustagcloud' extension is prone to HTML-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the issues to execute arbitrary script code in the...

VMware View 3.1.x - URL Processing Cross-Site Scripting

source: https://www.securityfocus.com/bid/39949/info VMware View is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the contex...

Cross-site Scripting (XSS) Vulnerability in JComments Component for Joomla!

High-Tech Bridge SA Security Research Lab has discovered vulnerability in JComments component for Joomla! which could be exploited to perform cross-site scripting XSS attacks. 1 Cross-site scripting vulnerability in JComments: CVE-2010-5048 The vulnerability exists due to input sanitation error i...

Mango Blog 1.4.1 - '/archives.cfm/search' Cross-Site Scripting

source: https://www.securityfocus.com/bid/39864/info Mango Blog is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of...

osCommerce 3.0a5 - Local File Inclusion HTML Injection

osCommerce 3.0a5 - Local File Inclusion HTML Injection source: https://www.securityfocus.com/bid/39820/info osCommerce is prone to a local file-include vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local...

Apache ActiveMQ version 5.3.x XSS Vulnerabilities

Exploit for php platform in category web applications ================================================= Apache ActiveMQ version 5.3.x XSS Vulnerabilities ================================================= Severity: Medium Overview: --------- Apache ActiveMQ is prone to cross-site scripting...