awstats -- multiple XSS vulnerabilities
Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
Microsoft Office Web Components ActiveX Control DataSource Remote Code Execution Vulnerability
Description: Microsoft Office Web Components is prone to a remote code-execution vulnerability. An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document. Successfully exploiting this issue allows remote attackers to execute arbitrary code in the conte...
EncapsGallery 1.11.2 - catalog_watermark.php?file Cross-Site Scripting
source: https://www.securityfocus.com/bid/28178/info EncapsGallery is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to...
Gallarific - search.php?query Cross-Site Scripting
source: https://www.securityfocus.com/bid/28163/info Gallarific is prone to a cross-site scripting vulnerability and multiple authentication-bypass vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the...
F5 BIG-IP 9.4.3 - Web Management Interface Console HTML Injection
source: https://www.securityfocus.com/bid/28151/info F5 BIG-IP Web Management Interface is prone to an HTML-injection vulnerability because the web management interface fails to properly sanitize user-supplied input. An attacker may...
F5 BIG-IP 9.4.3 - Web Management Interface Console HTML Injection
source: https://www.securityfocus.com/bid/28151/info F5 BIG-IP Web Management Interface is prone to an HTML-injection vulnerability because the web management interface fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...
Neptune Web Server 3.0 - 404 Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/28148/info Neptune Web Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
ImageVue 1.7 - dir2.php?path Cross-Site Scripting
source: https://www.securityfocus.com/bid/28138/info Imagevue is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
WordPress 2.3.2 - wp-admin/invites.php?to Cross-Site Scripting
source: https://www.securityfocus.com/bid/28139/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute...
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28139/info WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the...
ImageVue 1.7 - 'upload.php?path' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28138/info Imagevue is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
Neptune Web Server 3.0 - 404 Error Page Cross-Site Scripting
source: https://www.securityfocus.com/bid/28148/info Neptune Web Server is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
Podcast Generator 0.96.2 - 'set_permissions.php' Cross-Site Scripting Vulnerability
Podcast Generator 0.96.2 'set_permissions.php' Cross-Site Scripting Vulnerability. CVE-2008-1212. Webapps exploit for php platform. source: http://www.securityfocus.com/bid/28106/info Podcast Generator is prone to a cross-site scripting vulnerability because it fails to adequately sanitize...
MG2 - 'list' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28098/info MG2 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the...
Flyspray 0.9.9 - Information Disclosure / HTML Injection / Cross-Site Scripting
source: https://www.securityfocus.com/bid/28076/info Flyspray is prone to an information-disclosure issue, an HTML-injection issue, and multiple cross-site scripting vulnerabilities because it fails to properly sanitize...
Simple PHP Scripts Gallery 0.x - index.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/28056/info Simple PHP Scripts 'gallery' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this...
Simple PHP Scripts Gallery 0.x - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28056/info Simple PHP Scripts 'gallery' is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...
Flicks Software AuthentiX 6.3b1 - Username Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/28040/info Flicks Software AuthentiX is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...
Juniper Networks Secure Access 2000 - rdremediate.cgi Cross-Site Scripting
source: https://www.securityfocus.com/bid/28034/info Juniper Networks Secure Access 2000 is prone to a cross-site scripting vulnerability because it fails to adequately sanitize user-supplied input. An attacker may leverag...
SA-2008-018 - Drupal core - Cross site scripting
Titles are not escaped prior to being displayed on content edit forms, allowing users to inject arbitrary HTML and script code into these pages. The Drupal.checkPlain function, used to escape text in ECMAScript, contains a bug which causes it to escape only the first instance of a character,...