49 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message...
CVE-2010-4753
Cross-site scripting XSS vulnerability in LightNEasy.php in LightNEasy 3.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, which is not properly handled in a forced SQL error message...
CVE-2010-2854
Multiple cross-site scripting XSS vulnerabilities in modfile.php in Event Horizon EVH 1.1.10, when magicquotesgpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the 1 YourEmail and 2 VerificationNumber parameters, which are not properly handled in a forced SQL erro...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in modfile.php in Event Horizon EVH 1.1.10, when magicquotesgpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the 1 YourEmail and 2 VerificationNumber parameters, which are not properly handled in a forced SQL erro...
CVE-2010-2854
Multiple cross-site scripting XSS vulnerabilities in modfile.php in Event Horizon EVH 1.1.10, when magicquotesgpc is disabled, allow remote attackers to inject arbitrary web script or HTML via the 1 YourEmail and 2 VerificationNumber parameters, which are not properly handled in a forced SQL erro...
CVE-2010-2722
Cross-site scripting XSS vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artistid parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the...
CVE-2010-2722
CVE-2010-2722 describes an XSS vulnerability in RightInPoint Lyrics Script 3.0 (index.php) where the attacker can inject arbitrary script via the artist_id parameter, due to inadequate handling of data in a forced SQL error message. The affected component is the web interface’s index.php for Lyri...
CVE-2010-1854
CVE-2010-1854 concerns an XSS in auktion.php of Pay Per Watch & Bid Auktions System, exploitable through the id_auk parameter, where an injected script/HTML appears in a forced SQL error message. Related records (NVD/Red Hat) confirm this vulnerability and its association to CVE-2010-1855 (SQL in...
CVE-2010-1854
Cross-site scripting XSS vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the idauk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; th...
Cross site scripting
Cross-site scripting XSS vulnerability in tsother.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message...
CVE-2010-1339
CVE-2010-1339 is a cross-site scripting (XSS) vulnerability affecting the WoltLab Burning Board installation using the Teamsite Hack plugin (3.0 and earlier). The issue is triggered by the userid parameter in a modboard action within ts_other.php, where user input is inappropriately handled insid...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...
CVE-2010-1076
Cross-site scripting XSS vulnerability in index.php in Entry Level CMS EL CMS allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...
CVE-2010-0376
CVE-2010-0376 is an XSS vulnerability in JCE-Tech PHP Calendars, specifically in product_list.php where the cat parameter can be exploited to inject arbitrary HTML/Script. The issue is described as arising from a forced SQL error message related to CVE-2010-0375. Connected sources confirm the vul...
CVE-2010-0376
Cross-site scripting XSS vulnerability in productlist.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the 1 searchtext and 2 searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...
CVE-2008-2181
Multiple cross-site scripting XSS vulnerabilities in search.php in cpLinks 1.03 allow remote attackers to inject arbitrary web script or HTML via the 1 searchtext and 2 searchcategory parameters. NOTE: the XSS reportedly occurs in a forced SQL error message. NOTE: some of these details are obtain...
CVE-2008-1165
Flyspray 0.9.9–0.9.9.4 is affected by multiple XSS vulnerabilities. The issues arise from improper sanitization in task summaries and related parameters: (1) forced SQL error messages, (2) old_value/new_value fields, and specifically the item_summary parameter in index.php?do=details. These flaws...
CVE-2008-0605
Multiple cross-site scripting XSS vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the 1 txtSearch parameter to operator/article/articlesearchresults.asp and the 2 AttachId parameter to operator/article/articleattachment.asp...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in AstroSoft HelpDesk before 1.95.228 allow remote attackers to inject arbitrary web script or HTML via the 1 txtSearch parameter to operator/article/articlesearchresults.asp and the 2 AttachId parameter to operator/article/articleattachment.asp...