531 matches found
DOM XSS in dhtmlHistory.js when using IE
In the createIE function inside dhtmlHistory.js|https://stash.atlassian.com/projects/JIRA/repos/jira/browse/jira-components/jira-webapp/src/main/webapp/includes/lib/dhtmlhistory/dhtmlHistory.js333 the value of the fragment identifier, is concatenated to create the html of an iframe without first...
CVE-2013-1857
The sanitize helper in lib/actioncontroller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2.13 does not properly handle encoded : colon characters in URLs, which makes it easier for remote...
CVE-2012-6431
CVE-2012-6431 affects Symfony 2.0.x (from 2.0.0 through 2.0.19), where the Routing and Security components mishandle URL-encoded data, allowing a doubly encoded string to bypass URI restrictions. The root cause is a double-decoding flow: UrlMatcher decodes the path again while RequestMatcher does...
X-Cart Gold 4.5 - products_map.php?symb Cross-Site Scripting
X-Cart Gold 4.5 - productsmap.php?symb Cross-Site Scripting Exploit Title: X-Cart Gold 4.5 productsmap.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is...
X-Cart Gold 4.5 - 'products_map.php?symb' Cross-Site Scripting
Exploit Title: X-Cart Gold 4.5 productsmap.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. The "symb" parameter of "productsmap.php" is vulnerable...
X-Cart Gold 4.5 (products_map.php symb parameter) XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: X-Cart Gold 4.5 productsmap.php symb parameter XSS Vulnerability Date: Jul 21 2012 Author: muts Version: X-Cart Gold 4.5 Vendor URL: http://www.x-cart.com/ X-Cart Gold implements a degree of XSS filtering but it is incomplete. T...
CVE-2011-4290
Multiple cross-site scripting XSS vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...
CVE-2011-4290
Multiple cross-site scripting XSS vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...
CVE-2011-4290
Multiple cross-site scripting XSS vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding...
CVE-2011-4290
CVE-2011-4290 involves Moodle 1.9.x before 1.9.12. The vulnerability is in the file lib/weblib.php (Moodle’s web library) and results from issues with URL encoding that enable multiple cross-site scripting (XSS) flaws. Exploitation allows remote attackers to inject arbitrary script/HTML. The docu...
PT-2012-1838 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 1.9.x through 1.9.11 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The vulnerabilities are related to UR...
Debian: Security Advisory (DSA-2262-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2262-1] moodle security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...
DSA-2262-1 moodle - several
Bulletin has no description...
Debian DSA-2262-1 : moodle - several vulnerabilities
Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning : - MSA-11-0002 Cross-site request forgery vulnerability in RSS block - MSA-11-0003 Cross-site scripting vulnerability in tag autocomplete - MSA-11-0008 IMS...
[SECURITY] [DSA 2262-1] moodle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2262-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff June 15, 2011 http://www.debian.org/security/faq -...
ecshop modify any user password vulnerability XSS exploit-vulnerability warning-the black bar safety net
Currently ecshop presence of the reflection typeXSS, you can use, if the secondary development existXSSor other CSRF problem, then use more. Once encountered this problem, slightly affected by its damage) ByXSSstructure post submission of personal information is modified, the modification is...
Axigen Webmail 7.4.1 Directory Traversal
We are continuing with the list of security vulnerabilities found in a number of web applications while testing our latest version of Acunetix WVS v7 . In this blog post, we will look into the details of a very serious web vulnerability discovered by Acunetix WVS in Axigen. "Axigen is an integrat...
Ubuntu: Security Advisory (USN-788-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...