flyspray -- multiple vulnerabilities
The Flyspray Project reports: Flyspray is affected by a Cross Site scripting Vulnerability due to an error escaping PHP's $_SERVER['QUERY_STRING'] superglobal, that can be maliciously used to inject arbitrary code into the savesearch javascript function. There is an XSS problem in the history tab, th...
Citrix Metaframe Web Manager - login.asp Cross-Site Scripting
source: https://www.securityfocus.com/bid/27948/info Citrix MetaFrame Web Manager is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execut...
OSSIM Framework session/login.php dest Parameter XSS
The remote host is running OSSIM Open Source Security Information Management, a suite of security tools managed by a web-based front-end. The version of OSSIM installed on the remote host fails to sanitize user input to the 'dest' parameter of the 'session/login.php' script before using it to...
Plume CMS 1.2.2 - '/manager/xmedia.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27999/info Plume CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
projectpier-xssxsrf.txt
ProjectPier. Impact: Cross Site Scripting, Cross Site Request Forgery. Status: patch available. Affected software description: Application: ProjectPier. Version: = 0.80...
Jinzora 2.7.5 - ajax_request.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may...
Jinzora 2.7.5 - 'slim.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Jinzora 2.7.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
ProjectPier 0.8 - Multiple HTML Injection / Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27857/info ProjectPier is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...
Sophos Email Appliance 2.1 - Web Interface Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/27813/info Sophos Email Appliance is prone to multiple cross-site scripting vulnerabilities that affect its web interface because it fails to properly sanitize...
JSPWiki Multiple Vulnerabilities
Vendor: Janne Jalkanen JSPWiki – http://www.jspwiki.org Application Description: From JSPWiki website - “JSPWiki is a feature-rich and extensible WikiWiki engine built around a standard J2EE components Java, servlets, JSP.” Tested versions: JSPWiki v2.4.104 JSPWik...
artmedic weblog index.php jahrneu Parameter XSS
CVE-2008-0765. Webapps exploit for php platform source: http://www.securityfocus.com/bid/27745/info artmedic webdesign weblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An...
artmedic weblog artmedic_print.php date Parameter XSS
CVE-2008-0765. Webapps exploit for php platform source: http://www.securityfocus.com/bid/27745/info artmedic webdesign weblog is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. ...
Cacti 0.8.7 - graph_view.php?filter Cross-Site Scripting
source: https://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP...
Cacti 0.8.7 - graph_view.php?graph_list SQL Injection
source: https://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP...
Cacti 0.8.7 - graph_xport.php?local_graph_id SQL Injection
source: https://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP...
Cacti 0.8.7 - 'graph_view.php?filter' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability. Attackers may exploit these...
Cacti 0.8.7 - 'graph_xport.php?local_graph_id' SQL Injection
source: https://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability. Attackers may exploit these...
Cacti 0.8.7 - 'tree.php' Multiple SQL Injections
source: https://www.securityfocus.com/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability. Attackers may exploit these...
Calimero.CMS 3.3 - 'id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27690/info Calimero.CMS is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal...