6252 matches found
H-Sphere 2.x - HTML Template Inclusion Cross-Site Scripting
source: https://www.securityfocus.com/bid/7855/info H-Sphere is prone to multiple cross-site scripting vulnerabilities via the HTML template feature in the Hosting Control Panel. HTML and script code will not be filtered from pages which are generated when a request for an invalid or unknown...
CVE-2003-0375
Cross-site scripting XSS vulnerability in member.php of XMBforum XMB 1.8.x aka Partagium allows remote attackers to insert arbitrary HTML and web script via the "member" parameter...
PHP 4.x - Transparent Session ID Cross-Site Scripting
PHP 4.x - Transparent Session ID Cross-Site Scripting source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting...
PHP 4.x - Transparent Session ID Cross-Site Scripting
source: https://www.securityfocus.com/bid/7761/info A cross-site scripting vulnerability has been discovered in PHP. The problem occurs due to insufficient sanitization of the PHPSESSID URI parameter. An attacker may be capable of exploiting this vulnerability by constructing a malicious link...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...
Proxy Web Server XSS
The remote host is running a proxy web server that fails to adequately sanitize request strings of malicious JavaScript. By leveraging this issue, an attacker may be able to cause arbitrary HTML and script code to be executed in a user's browser within the security context of the affected site. C...
EZ Publish 2.2 - 'index.php' IMG Tag Cross-Site Scripting
source: https://www.securityfocus.com/bid/7616/info A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script. This may allow for theft of cookie-based authentication...
Inktomi Traffic Server 4.05.x - Cross-Site Scripting
Inktomi Traffic Server 4.05.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/7596/info Inktomi Traffic Server is prone to a cross-site scripting vulnerability. This is due to insufficient sanitization of input passed to the proxy, which will be echoed back in error pages under...
Css in Xoops module glossary 1.3.x
Author: Magistrat Date: 30/03/2003 Object: XOOPS glossary Module Input Filtering Bug Allows Remote Users to Conduct Cross-Site Scripting Attacks Impact: Disclosure of authentication information, Execution of arbitrary code via network, Modification of user information, User access via network Fix...
CVE-2002-0292
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field...
CVE-2002-0181
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter...
CVE-2002-1053
Cross-site scripting XSS vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message...
Siteframe search.php searchfor Parameter XSS
Siteframe 2.2.4 has a cross-site scripting bug. An attacker may use it to perform a cross-site scripting attack on this host. In addition to this, another flaw in this package may allow an attacker to obtain the physical path to the remote web root. %NASLMINLEVEL 70300 written by K-Otik.com...
osCommerce 2.12.2 - Checkout_Payment.php Error Output Cross-Site Scripting
osCommerce 2.12.2 - CheckoutPayment.php Error Output Cross-Site Scripting source: https://www.securityfocus.com/bid/7155/info Error output is not sufficiently sanitized of HTML and script code by osCommerce. This may allow for cross-site scripting attacks as remote users could create a malicious...
Basit 1.0 Submit Module - Cross-Site Scripting
Basit 1.0 Submit Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/7139/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker m...
Basit 1.0 Search Module - Cross-Site Scripting
Basit 1.0 Search Module - Cross-Site Scripting source: https://www.securityfocus.com/bid/7142/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker m...
RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting
RSA ClearTrust 4.64.7 - Login Page Cross-Site Scripting source: https://www.securityfocus.com/bid/7108/info A cross-site scripting vulnerability has been discovered in ClearTrust. Specifically, the login page for the management application is not properly sanitized of some user-supplied values. A...
myPHPNuke 1.8.8 - 'links.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6892/info Reportedly, myPHPNuke 'links.php' does not adequately filter HTML code thus making it prone to cross-site scripting attacks. It is possible for a remote attacker to create a malicious link containing script code that will be executed in the...
[SECURITY] [DSA 221-1] New mhonarc packages fix cross site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 221-1 [email protected] http://www.debian.org/security/ Martin Schulze January 3rd, 2003 http://www.debian.org/security/faq -...