Movable Type cross-site scripting vulnerability

Overview Movable Type, a web log system from Six Apart, contains a cross-site scripting vulnerability. This vulnerability is different from JVN68295640. Impact An arbitrary script could be executed on the user's web browser or the display of a web page could be falsified. In addition, an attacker...

CGI RESCUE WebFORM vulnerable to cross-site scripting

Overview WebFORM, released from CGI RESCUE, is a CGI script written in perl that allows a user to send email messages via a HTML form. WebFORM contains a cross-site scripting vulnerability. Impact An abitrary script may be executed on the user's web browser. Solution None...

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...

Sage vulnerable to arbitrary script execution

Overview Sage is an RSS and Atom feed reader extension for Mozilla Firefox. If a malicious script is embedded in an RSS feed, Sage does not properly handle the data, which may allow an arbitrary script to be executed on a user's web browser. Impact An arbitrary script may be executed on Mozilla...

MailDwarf cross-site scripting vulnerability

Overview MailDwarf is a mail form CGI provided by HTML Dwarf. MailDwarf contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution...

Overlay Weaver cross-site scripting vulnerability

Overview Overlay Weaver is software for constructing and emulating overlay network. Overlay Weaver's DHT shell contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

PC2M cross-site scripting vulnerability

Overview PC2M is an open source web application which converts web pages and images to be available on web-capable mobile devices such as cellphones and PDAs. PC2M contains a cross-site scripting vulnerability. Impact An arbitrary script can be executed on the user's web browser. Solution Update...

Cross-site scripting vulnerability in multiple Tor World CGI scripts

Overview Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Tor World provides CGI scripts for implementing search engines, message boards, and other tools. Multiple Tor World CGI scripts contain a cross-site scripting vulnerability. Impact An arbitrary script can be...

Cross-site scripting vulnerabilities in multiple Bluemoon Inc. XOOPS modules

Overview Mutiple Bluemoon Inc. XOOPS modules are vulnerable to cross-site scripting. Mutiple modules provided by Blumoon Inc. for XOOPS 2.0.x / XOOPS Cube 2.1 / ImpressCMS are vulnerable to cross-site scripting. Yosuke Yamada and Hirohisa Yamaguchi of NetAgent Co., Ltd. reported this vulnerabilit...

Serene Bach cross-site scripting vulnerability

Overview Serene Bach, a weblog management tool from SerendipityNZ Limited, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Also, session information or credential information kept in a cookie could be leaked. Solution None...

open-gorotto cross-site scripting vulnerability

Overview open-gorotto, open source software to create members-only community sites, contains a cross-site scripting vulnerability, as it does not properly handle output of usernames. Impact An arbitrary script may be executed on the user's web browser. If session information from a cookie is...

Trac cross-site scripting vulnerability

Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability. Impact A remote attacker could possibly execute an arbitrary script on the user's web browser. Solution...

Phorum cross-site scripting vulnerability

Overview Phorum, an open source message board system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution None...

Dokeos cross-site scripting vulnerability

Overview Dokeos, an open source e-learning content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In particular, if session information from a cookie is leaked, an attacker could possibly conduct session...

Owl cross-site scripting vulnerability

Overview Owl, an open source document management and publishing system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. As a result, web pages could be spoofed. Solution...

MDPro cross-site scripting vulnerability

Overview MDPro, an open source content management system, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct session hijacking. Solutio...

SugarCRM cross-site scripting vulnerability

Overview SugarCRM, an open source CRM Customer Relationship Management package, contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. In addition, if session information from a cookie is leaked, an attacker could possibly conduct...

Joomla! cross-site scripting vulnerability

Overview Joomla!, an open source content management system, contains a cross-site scripting vulnerability. This vulnerability is different from JVN79484135. Impact An arbitrary script may be executed on the user's web browser. If session information in a cookie is leaked, an attacker could possib...

CGI RESCUE WebFORM vulnerable to HTTP header injection

Overview WebFORM released from CGI RESCUE is software that allows the emailing of contents of a HTML form. WebFORM contains a HTTP header injection vulnerability which is caused by improperly processing the output of HTTP headers. Impact Falsified information may be displayed or an arbitrary scri...

Sleipnir RSS bar vulnerable in handling RSS data in an inappropriate security zone

Overview Sleipnir is a tabbed web browser developed in Japan by Fenrir & Co. Sleipnir RSS bar contains a vulnerability that RSS data is handled in an inappropriate security zone My Computer zone. Impact An arbitrary script could be executed in an inappropriate security zone. Solution None...