Exam Form Submission Cross-Site Scripting Vulnerability

Code-Projects Exam Form Submission is an open source exam form from Code-Projects. A cross-site scripting vulnerability exists in Exam Form Submission version 1.0 that originates from allowing an attacker to execute arbitrary code via Subject Name and Subject Code...

nodejs: Incorrect handling of certificate subject and issuer fields

A flaw was found in node.js, where it did not properly handle multi-value Relative Distinguished Names. This flaw allows a specially crafted x509 certificate to produce a false multi-value Relative Distinguished Name and to inject arbitrary data in node.js libraries...

WordPress plugin Thank Me Later 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. WordPress plugin Thank Me Later 3.3.4 and previous versions have a cross-site scripting vulnerability that stems from the plugin's failure to clean up and escape message subject fields before they are exported to the message list,...

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc. Ripe CMS: crossite scripting in http://site/contact-us with Name, address, Subject fields...

CVE-2002-1708

Cross-site scripting vulnerability XSS in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the 1 subject or 2 message fields...