Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

Sage vulnerable to arbitrary script execution

Overview Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact An arbitrary script may be executed on Mozilla...

Interstage Application Server cross-site scripting vulnerability

Overview The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console may be referred to as "Servlet Service for Interstage Operation Management" in certain versions included in the Interstage product series from Fujitsu contain a cross-site...

NewsGlue and Ikinari Jijyoutsuu arbitrary script execution vulnerability

Overview NewsGlue and Ikinari Jijyoutsuu are RSS readers. An arbitrary script embedded in RSS feeds could be executed in either of the RSS readers, as they fail to handle the output of RSS information properly. Impact An arbitrary script could be executed in NewsGlue or Ikinari Jijyoutsuu...

open-gorotto cross-site scripting vulnerability

Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...

Internet Explorer vulnerable in MHTML handling

Overview Internet Explorer is vulnerable in handling MHTML MIME Encapsulation of Aggregate HTML protocol, which allows an arbitrary script execution. When Internet Explorer accesses a website with the MHTML protocol, Internet Explorer processes the contents as MHTML data, ignoring their actual...

rktSNS cross-site scripting vulnerability

Overview rktSNS, an open source social networking service engine provided by rakuto.net, contains a cross-site scripting vulnerability. rktSNS, provided by rakuto.net, is open source software for community site construction. rktSNS contains a cross-site scripting vulnerability. Impact An arbitrar...

sHTTPd cross-site scripting vulnerability

Overview sHTTPd, from Uchu Ninja Neko-dan, contains a cross-site scripting vulnerability. sHTTPd from Uchu Ninja Neko-dan is a web server for Windows. sHTTPd contains a cross-site scripting vunerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the...

WebCart cross-site scripting vulnerability

Overview WebCart, provided by CGI's, contains a cross-site scripting vulnerability. WebCart provided by CGI's is shopping cart software. WebCart's management interface contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

MouseoverDictionary vulnerable to arbitrary script execution

Overview MouseoverDictionary, an add-on for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an arbitrary script. MouseoverDictionary, an add-on mouseover English-Japanese dictionary for Mozilla Firefox, contains a vulnerability that allows an attacker to execute an...

NetCommons cross-site scripting vulnerability

Overview NetCommons from the NetCommons Project contains a cross-site scripting vulnerability. NetCommons from the NetCommons Project is an open source content management system which provides e-learning and groupware functions. NetCommons contains a cross-site scripting vulnerability. This...

Cross-site scripting vulnerability in updir.php in UPDIR.NET

Overview updir.php in UPDIR.NET contains a cross-site scripting vulnerability in the full-text search and file upload functions. updir.php from UPDIR.NET is software for publishing and managing image files, etc. on web servers. By installing updir.php on a web server, users are able to upload ima...

Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

Overview modimap and modimagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open source web server software. The Apache HTTP Server modules modimap and modimagemap provide server-side imagemap processing capability. The Apache HTTP Server...

Minnu's filer2 vulnerable in allowing arbitrary Ruby script execution

Overview The Minnu's filer2 is a Unix file managing program. This software has a vulnerability that allows a attacker to execute arbitrary Ruby scripts with the privilege of the user running the Minnu's filer2. Impact An attacker could take over a user's account, steal the user's information or...

QUICK CART cross-site scripting vulnerability

Overview QUICK CART is a shopping cart system for building Internet shop sites. QUICK CART contains a cross-site scripting vulnerability as it does not validate inputs properly. Impact An arbitrary script could be executed on the user's web browser. Solution None...

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...

Joomla! cross-site scripting vulnerability

Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solution None...

ATutor cross-site scripting vulnerability

Overview ATutor, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Authentication information could be stolen as a result. Solution None...

QwikiWiki cross-site scripting vulnerability

Overview QwikiWiki, one of Wiki clones, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. User credentials could be leaked as a result. Solution None...

Shobo Shobo Nikki System (sns) cross-site scripting vulnerability

Overview Shobo Shobo Nikki System sns, weblog scripts provided by Project Amateras, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, the administrator's password could be disclosed if cookie information is leaked. Solution...