73 matches found
ZZcms - Cross-Site Scripting
ZZcms 2019 contains a cross-site scripting vulnerability in the user login page. An attacker can inject arbitrary JavaScript code in the referer header via user/login.php, which can allow theft of cookie-based credentials and launch of subsequent attacks. id: CVE-2020-20285 info: name: ZZcms -...
Cyphor 0.19 footer.php t_login Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/15047/info Cyphor is prone to multiple cross-site scripting and SQL injection vulnerabilities. Exploitation could allow for theft of cookie-based authentication credentials or unauthorized access to database data. Other...
PHP-Nuke MS-Analysis Module Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/9947/info It has been reported that MS-Analysis is prone to a multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user supplied URI parameters. These...
Basit 1.0 Submit Module Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7139/info A cross-site scripting vulnerability has been reported for Basit. This vulnerability occurs due to insufficient sanitization of some user-supplied input. As a result of this deficiency an attacker may exploit th...
EZHomePagePro 1.5 users_mgallery.asp usid Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/17236/info EZHomePagePro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to...
phpMyAdmin 2.x server_databases.php XSS
No description provided by source. source: http://www.securityfocus.com/bid/15196/info phpMyAdmin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...
VegaDNS 0.8.1/0.9.8/0.9.9 Index.PHP Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14538/info VegaDNS is vulnerable to cross-site scripting attacks. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script co...
VBulletin 1.0.1 lite/2.x/3.0 /admincp/index.php Multiple Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14874/info vBulletin is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues t...
CheesyBlog 1.0 - Multiple HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/16376/info CheesyBlog is prone to multiple HTML injection vulnerabilities. These issues are due to a lack of proper sanitization of user-supplied input before using it in dynamically generated content. Attacker-supplied...
SCI Photo Chat 3.4.9 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10648/info SCI Photo Chat is reported susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. The web server component of SCI Ch...
SiteTurn Domain Manager Pro Admin Panel Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15186/info Domain Manager Pro is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have...
Gastebuch 1.3.2 Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16615/info Gastebuch is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated HTML content. ...
PHPFreeNews 1.40 NewsCategoryForm.php NewsMode Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/14590/info PHPFreeNews is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues...
Woltlab Burning Board 2.3.4 Misc.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16959/info Woltlab Burning Board is prone to a cross-site scripting vulnerability. This issue is due to a lack of proper sanitization of user-supplied input. An attacker may leverage this issue to have arbitrary script co...
PHPDocumentor 1.2/1.3 Forum Lib Variable Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16101/info phpDocumentor is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...
Citrix Metaframe XP Cross-site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8939/info Citrix Metaframe XP is prone to cross-site scripting attacks when returning error messages to users. The error message is generated when invalid authentication credentials are transmitted to the log-in page...
FuseTalk Forum 4.0 - Multiple Cross-Site Scripting Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11407/info FuseTalk Forum is reported prone to multiple input validation vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks. The cause of these issues is insufficient...
Xoops Pool Module IMG Tag HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16189/info The XOOPS Pool Module is prone to an HTML injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in dynamically generated content...
CPAINT 1.3/2.0 TYPE.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16559/info CPAINT is prone to a cross-site scripting vulnerability. This issue affects the 'type.php' script and may facilitate the theft of cookie-based authentication credentials as well as other attacks. CPAINT 2.0.2 a...
MegaBook 2.0/2.1 Admin.CGI EntryID Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13522/info MegaBook is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary scrip...