securityvulns
added 2005/10/26 12:0 a.m., 35 views

SparkleBlog Journal.php HTML Injection Vulnerability =>v2.1 (all versions vulnerable)

SparkleBlog is prone to HTML injection attacks. It is possible for a malicious SparkleBlog user to inject hostile HTML script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of SparkleBlog. SparkleBlog does not adequately...

0.8 AI score
Exploits: 0

Exploit DB
added 2005/10/26 12:0 a.m., 23 views

RSA ACE Agent 5.x - Image Cross-Site Scripting

source: https://www.securityfocus.com/bid/15206/info RSA ACE Agent is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user i...

7.4 AI score
Exploits: 0

Exploit DB
added 2005/10/26 12:0 a.m., 30 views

PHP-Nuke Search Enhanced Module 1.1/2.0 - HTML Injection

source: https://www.securityfocus.com/bid/15218/info Search Enhanced module for is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-supplied HTML and scri...

7.4 AI score
Exploits: 0

FreeBSD
added 2005/10/26 12:0 a.m., 13 views

flyspray -- cross-site scripting vulnerabilities

A Secunia Advisory reports: Lostmon has reported some vulnerabilities in Flyspray, which can be exploited by malicious people to conduct cross-site scripting attacks. Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script...

0.8 AI score
Exploits: 0, References: 2

Gentoo Linux
added 2005/10/25 12:0 a.m., 33 views

phpMyAdmin: Local file inclusion and XSS vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser discovered that by calling certain PHP files directly, it was possible to workaround the grabglobals.lib.php security model and overwrite the $cfg configuration...

5 CVSS, 6.8 AI score, 0.05617 EPSS
Exploits: 0

securityvulns
added 2005/10/25 12:0 a.m., 27 views

Zomplog Script Injection Vulnerability =>3.4 (all versions vulnerable)

zomplog is prone to xss injection attacks. It is possible for a malicious zomplog user to inject hostile xss and script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of zomplog. zomplog does not adequately filter xss tags...

1 AI score
Exploits: 0

exploitpack
added 2005/10/20 12:0 a.m., 15 views

Chipmunk Forum - newtopic.php?forumID Cross-Site Scripting

Chipmunk Forum - newtopic.php?forumID Cross-Site Scripting source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker...

6.8 AI score
Exploits: 0

Exploit DB
added 2005/10/20 12:0 a.m., 44 views

Chipmunk Forum - 'quote.php?forumID' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15149/info Chipmunk products are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the applications to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code...

7.4 AI score
Exploits: 0

exploitpack
added 2005/10/19 12:0 a.m., 14 views

Xerver 4.17 Server - URI Null Character Cross-Site Scripting

Xerver 4.17 Server - URI Null Character Cross-Site Scripting source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a...

6.8 AI score
Exploits: 0

exploitpack
added 2005/10/19 12:0 a.m., 13 views

Xerver 4.17 - Forced Directory Listing

Xerver 4.17 - Forced Directory Listing source: https://www.securityfocus.com/bid/15135/info Xerver is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit a vulnerability to...

7.4 AI score
Exploits: 0

exploitpack
added 2005/10/18 12:0 a.m., 13 views

MySource 2.14 - edit_table_props.php?bgcolor Cross-Site Scripting

MySource 2.14 - edit_table_props.php?bgcolor Cross-Site Scripting source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

6.8 AI score
Exploits: 0

exploitpack
added 2005/10/18 12:0 a.m., 15 views

MySource 2.14 - upgrade_in_progress_backend.php?target_url Cross-Site Scripting

MySource 2.14 - upgrade_in_progress_backend.php?target_url Cross-Site Scripting source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...

6.8 AI score
Exploits: 0

exploitpack
added 2005/10/18 12:0 a.m., 10 views

MySource 2.14 - insert_table.php?bgcolor Cross-Site Scripting

MySource 2.14 - insert_table.php?bgcolor Cross-Site Scripting source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may...

6.8 AI score
Exploits: 0

Exploit DB
added 2005/10/18 12:0 a.m., 21 views

MySource 2.14 - 'upgrade_in_progress_backend.php?target_url' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...

7.4 AI score
Exploits: 0

Exploit DB
added 2005/10/18 12:0 a.m., 20 views

MySource 2.14 - 'Span.php?PEAR_PATH' Remote File Inclusion

source: https://www.securityfocus.com/bid/15133/info MySource is prone to multiple remote and local file include vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary...

7.4 AI score
Exploits: 0

Exploit DB
added 2005/10/18 12:0 a.m., 27 views

MySource 2.14 - 'edit_table_props.php?bgcolor' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15132/info MySource is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in t...

7.4 AI score
Exploits: 0

exploitpack
added 2005/10/14 12:0 a.m., 15 views

Complete PHP - Counter Cross-Site Scripting

Complete PHP - Counter Cross-Site Scripting source: https://www.securityfocus.com/bid/15112/info Complete PHP Counter is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue t...

6.8 AI score
Exploits: 0

exploitpack
added 2005/10/13 12:0 a.m., 9 views

YaPiG 0.95b - view.php?img_size Cross-Site Scripting

YaPiG 0.95b - view.php?img_size Cross-Site Scripting source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

6.8 AI score
Exploits: 0

Exploit DB
added 2005/10/13 12:0 a.m., 78 views

YaPiG 0.95b - 'view.php?img_size' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15092/info Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser of an...

7.4 AI score
Exploits: 0

exploitpack
added 2005/10/07 12:0 a.m., 13 views

Oracle 9 - XML DB Cross-Site Scripting

Oracle 9 - XML DB Cross-Site Scripting source: https://www.securityfocus.com/bid/15034/info Oracle XML DB is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...

6.8 AI score
Exploits: 0