Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FetchTheme function. An authenticated attacker can access internal resources or services by supplying crafted input to the uri argument. Remediation There is no fixed version for...

PT-2025-31976

Name of the Vulnerable Software and Affected Versions XBMC versions prior to the 2012-11-04 nightly release XBMC version 11 Description XBMC version 11, including builds up to the 2012-11-04 nightly release, contains a path traversal vulnerability in its embedded HTTP server. When accessed via HT...

Improper Validation Of Syntactic Correctness Of Input

org.eclipse.jetty:jetty-server is vulnerable to Improper Validation of Syntactic Correctness of Input via the HttpURI class. The vulnerability is due to insufficient validation on the authority segment of a URI. An attacker can manipulate the URI parsing to redirect requests or initiate server-si...

UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including...

PhpGedView 2.x Descendancy.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11868/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remo...

Rhino Software Zaep AntiSpam 2.0 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10139/info It has been reported that Zaep AntiSpam is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user supplied URI input. This issue could permit ...

PhpGedView 2.5/2.6 Individual.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11882/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remo...

UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11900/info It is reported that UBB.threads is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input prior to including...

PHP-Nuke 6.x/7.x Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12561/info It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could...

PhpGedView 2.5/2.6 Login.PHP URL Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11903/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remo...

Goolery 0.3 viewpic.php conversation_id Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These problems presen...

PhpGedView 2.5/2.6 Login.PHP Newlanguage Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11905/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remo...

VirtuaSystems VirtuaNews 1.0.x Multiple Module Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/9812/info It has been reported that the VirtuaNews non-default modules 'Files' and 'Vulns' are prone to multiple cross-site scripting vulnerabilities. These problems surround the application's failure to properly validate...

WordPress 1.2 categories.php cat_ID Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11268/info It is reported that Wordpress is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. Wordpress 1.2 is...

Mambo Open Source 4.5 index.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/9890/info It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. This issue...

Zwiki 0.10/0.36.2 Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11745/info It is reported that Zwiki is susceptible to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input prior to including it in dynamic...

Mambo Open Source 4.5 Index.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9891/info It has been reported that the Mambo 'index.php' script is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. As a result of...

PhpGedView 2.5/2.6 Index.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11880/info It is reported that PhpGedView is affected by a cross-site scripting vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue could permit a remo...

dsm light web file browser 2.0 - Directory Traversal vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10381/info DSM Light has been reported to be prone to a directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize user-supplied URI input. This issue would allow an attacker...

Goolery 0.3 viewalbum.php page Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/11587/info It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These problems presen...