Cross-site scripting vulnerability in multiple phpspot products

Overview Multiple products provided by phpspot contain a cross-site scripting vulnerablility. Multiple products BBS Software etc. provided by phpspot contain a cross-site scripting vulnerablility. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA...

XF-Section vulnerable to cross-site scripting

Overview XF-Section from Happy Linux contains a cross-site scripting vulnerability. XF-Secion from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Masako Oono reported this vulnerability to IPA. JPCERT/CC coordinated with the...

Chrome/Opera ATOM/RSS Reader Script Execution

Exploiting Chrome and Opera’s inbuilt ATOM/RSS reader with Script Execution and more ---------------------------------------------------------------------------- --------- For complete post with images, please visit - http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomr...

ColdFusion vulnerable to cross-site scripting

Overview ColdFusion provided by Adobe contains a cross-site scripting vulnerability. ColdFusion from Adobe is a software to develop web applications. ColdFusion contains a cross-site scripting vulnerability. This vulnerability is different from JVN28356427 and JVN48566866. Project VEX of UBsecure...

XSS vulnerability can be exploited with the pagetree macro

Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...

XSS vulnerability can be exploited with the pagetree macro

Use the following markup: noformatpagetree:root=alert'12'noformat Whenever the page is viewed, the script will be executed...

XSS vulnerability can be exploited with the Userlister macro

Use the following markup: noformatuserlister:groups=alert'Vulerable'noformat Whenever the page is viewed, the script will be executed...

XSS bug when unfavouriting a dashboard

When unfavouriting a dashboard with name 'alert'blah';' the javascript is executed. https://extranet.atlassian.com/display/QA/JIRA+Dashboards+Blitz+-+Mark%27s+Findings...

XSS bug when unfavouriting a dashboard

When unfavouriting a dashboard with name 'alert'blah';' the javascript is executed. https://extranet.atlassian.com/display/QA/JIRA+Dashboards+Blitz+-+Mark%27s+Findings...

Cross-site scripting vulnerability in RevoCounter CGI (Animation Counter)

Overview RevoCounter CGI Animation Counter from futomi's CGI Cafe contains a cross-site scripting vulnerability. RevoCounter CGI Animation Counter from futomi's CGI Cafe is a software that displays an animated counter on a webpage. RevoCounter CGI Animation Counter contains a cross-site scripting...

PHP Scripts Now Hangman - 'index.php?n' SQL Injection

source: https://www.securityfocus.com/bid/43513/info TOPHangman is prone to an SQL-injection vulnerability and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to compromise the application, access or modify data,...

shiromuku(fs6)DIARY cross-site scripting vulnerability

Overview shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku contains a cross-site scripting vulnerability. shiromukufs6DIARY from Perl CGI's By Mrs. Shiromuku is a web log software. shiromukufs6DIARY contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the...

Tree BBS from Let's PHP! vulnerable to cross-site scripting

Overview Tree BBS from Let's PHP! contains a cross-site scripting vulnerability. Tree BBS from Let's PHP! is a tree-structured bulletin board software. Tree BBS contains a cross-site scripting vulnerability. Yoshinori Ohta of Business Architects Inc. reported this vulnerability to IPA. JPCERT/CC...

Movable Type cross-site scripting vulnerability

Overview Movable Type contains a cross-site scripting vulnerability. Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. A successful attack requires mt-wizard.cgi not to be...

Google Chrome Web Script Execution Vulnerabilities - Jun09

This host has Google Chrome installed and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: secpodgooglechromebofvulnjun09.nasl 7585 2017-10-26 15:03:01Z cfischer $ Google Chrome Browser Kernel Buffer Overflow Vulnerability - Jun09 Authors: Sharath S Copyright: Copyright ...

Debian: Security Advisory (DSA-1816-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Cross-site scripting vulnerability in activeCollab

Overview activeCollab from A51 D.O.O. contains a cross-site scripting vulnerability. activeCollab from A51 D.O.O. is software for project management. activeCollab contains a cross-site scripting vulnerability. Daiki Fukumori reported this vulnerability to IPA. JPCERT/CC coordinated with the vendo...

XSS vulnerability can be exploited on the WebDAV Configuration page

Steps: Go to WebDAV Configuration Enter 'alert"XSS"' Click on 'Add new regex' button The script will be executed. It will continue to be executed whenever a user clicks on the 'Save' button. This can be done by users in the confluence-admin group, so it could be used by them to gain access to...

Google Chrome Web Script Execution Vulnerabilities - June09

This host has Google Chrome installed and is prone to Web Script Execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodgooglechromewebscriptexecvulnjun09.nasl 7585 2017-10-26 15:03:01Z cfischer $ Google Chrome Web Script Execution Vulnerabilities - June09 Authors: Sharath S Copyright:...

Opera Web Script Execution Vulnerabilities - June09 (Linux)

This host has Opera browser installed and is prone to Web Script Execution vulnerabilities. OpenVAS Vulnerability Test $Id: secpodoperawebscriptexecvulnjun09lin.nasl 5122 2017-01-27 12:16:00Z teissa $ Opera Web Script Execution Vulnerabilities - June09 Linux Authors: Sharath S Copyright: Copyrigh...