URLStreet 1.0 - seeurl.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/28650/info URLStreet is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these...
mcGallery 1.1 - show.php?lang Cross-Site Scripting
source: https://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary scri...
mcGallery 1.1 - 'sess.php?lang' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in t...
mcGallery 1.1 - 'show.php?lang' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28587/info mcGallery is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in t...
@lex Guestbook 4.0.5 - 'setup.php?language_setup' Cross-Site Scripting
source: https://www.securityfocus.com/bid/28519/info @lex Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in...
JVN#76669770 PerlMailer cross-site scripting vulnerability
PerlMailer is a mail form CGI provided by "Homepage Decorator". It is used to send mail from a form on a web page. A cross-site scripting vulnerability exists in PerlMailer. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the latest...
Uberghey CMS 0.3.1 - 'index.php' Multiple Local File Inclusions
source: https://www.securityfocus.com/bid/28217/info Uberghey CMS is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. Exploiting these issues may allow an attacker to access potentially sensitive information and execute arbitrary loca...
JVN#95014590 Zimbra Collaboration Suite script execution vulnerability
Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book, webmail, and other functions. Zimbra Collaboration Suite 4.0.3 and 4.5.6 contain a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact If a us...
GLSA-200803-09 : Opera: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200803-09 Opera: Multiple vulnerabilities Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path CVE-2008-1080. Max Leonov found out that image comments might...
Opera browser multiple security vulnerabilities
Information leakage on form file upload, image comments script execution, DOM sanitization filters bypass...
CVE-2008-1081
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties...
openSUSE 10 Security Update : opera (opera-5028)
This is a version update for Opera to version 9.26 to fix : - Fixed an issue where simulated text inputs could trick users into uploading arbitrary files, as reported by Mozilla. - Image properties can no longer be used to execute scripts, as reported by Max Leonov. - Fixed an issue where the...
Packeteer PacketShaper and PolicyCenter 8.2.2 - FILELIST Cross-Site Scripting
source: https://www.securityfocus.com/bid/27982/info Packeteer PacketShaper and PolicyCenter are prone to a cross-site scripting vulnerability because they fail to sufficiently sanitize user-supplied input data. An...
JVN#54593414 Cross-site scripting vulnerability in multiple Tor World CGI scripts
Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the Software Apply the latest update...
JVN#38893575 PC2M cross-site scripting vulnerability
PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update the...
OpenBiblio 0.x - 'theme_preview.php?themeName' Cross-Site Scripting
source: https://www.securityfocus.com/bid/27053/info OpenBiblio is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include SQL-injection, cross-site scripting, HTML-injection, and local file-include vulnerabilities...
ImgSvr 0.6.21 - Error Message Remote Script Execution
source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the...
ImgSvr 0.6.21 - Error Message Remote Script Execution
source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...
iDevSpot iSupport 1.8 - 'index.php' Local File Inclusion
source: https://www.securityfocus.com/bid/26961/info iSupport is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts. This issue affects iSupport 1.8;...
JVN#65427327 Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution
Sleipnir and Grani, web browsers from Fenrir & Co., have a bookmark search function. When a user runs the search function, the search result is displayed in the web browser. If a specially crafted URL is registered to the bookmark, an attacker could execute an arbitrary script on the user's web...