Oracle HTML DB 1.51.6 - f?p Cross-Site Scripting

Oracle HTML DB 1.51.6 - f?p Cross-Site Scripting source: https://www.securityfocus.com/bid/15031/info Oracle HTML DB is prone to cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context...

Utopia News Pro 1.1.3 - footer.php Multiple Cross-Site Scripting Vulnerabilities

Utopia News Pro 1.1.3 - footer.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...

Aenovo - Multiple Cross-Site Scripting Vulnerabilities

Aenovo - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage the...

Utopia News Pro 1.1.3 - 'header.php?sitetitle' Cross-Site Scripting

source: https://www.securityfocus.com/bid/15027/info Utopia News Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execut...

Aenovo - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/15038/info aeNovo is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the...

GLSA-200509-16 : Mantis: XSS and SQL injection vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200509-16 Mantis: XSS and SQL injection vulnerabilities Mantis fails to properly sanitize untrusted input before using it. This leads to a SQL injection and several cross-site scripting vulnerabilities. Impact : An attacker could...

IceWarp Web Mail 5.5.1 - 'blank.html?id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14980/info IceWarp is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...

CMS Made Simple 0.10 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/14937/info CMS Made Simple is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the...

PHP Advanced Transfer Manager <= 1.30 Multiple Vulnerabilities

The version of PHP Advanced Transfer Manager on the remote host suffers from multiple information disclosure and cross-site scripting flaws. For example, by calling a text or HTML viewer directly, an unauthenticated attacker can view arbitrary files, provided PHP's 'registerglobals' setting is...

PHP Advanced Transfer Manager 1.30 - Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/14887/info PHP Advanced Transfer Manager is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitra...

vBulletin 1.0.1 lite2.x3.0 - admincpuser.php?email Cross-Site Scripting

vBulletin 1.0.1 lite2.x3.0 - admincpuser.php?email Cross-Site Scripting source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...

vBulletin 1.0.1 lite2.x3.0 - admincpmodlog.php?orderby Cross-Site Scripting

vBulletin 1.0.1 lite2.x3.0 - admincpmodlog.php?orderby Cross-Site Scripting source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...

vBulletin 1.0.1 lite2.x3.0 - admincptemplate.php Multiple Cross-Site Scripting Vulnerabilities

vBulletin 1.0.1 lite2.x3.0 - admincptemplate.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize...

vBulletin 1.0.1 lite/2.x/3.0 - &#039;/admincp/language.php?goto&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...

Calendar Express Multiple Vulnerabilities (SQLi, XSS)

The remote host is using Calendar Express, a PHP web calendar. Vulnerabilities exist in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser, and SQL injection. An attacker could exploit these flaws to use the remote host to...

Greymatter Comment Name Field Control Panel Log XSS

The remote host is using Greymatter, an open source weblogging and journal software written in perl. A vulnerability exists in this version that could allow an attacker to execute arbitrary HTML and script code in the context of the user's browser. %NASLMINLEVEL 70300 C Tenable Network Security,...

MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting

MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting source: https://www.securityfocus.com/bid/14828/info MIVA Merchant 5 is prone to a cross-site scripting vulnerability.This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue...

MIVA Merchant 5 - Merchant.MVC Cross-Site Scripting

source: https://www.securityfocus.com/bid/14828/info MIVA Merchant 5 is prone to a cross-site scripting vulnerability.This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the brows...

[SA16775] PunBB Multiple Vulnerabilities

---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secuniavacancies/...

Sawmill < 7.1.14 GET Request Query String XSS

The version of Sawmill running on the remote web server is affected by a cross-site scripting vulnerability due to improper validation of user-supplied input appended to a GET request. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary scri...