16 matches found
EUVD-2009-2367
Malware in sbrugna...
EUVD-2021-27685
Malicious code in bioql PyPI...
CVE-2021-40509
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature...
CVE-2021-40509
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature...
Design/Logic Flaw
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature...
CVE-2021-40509
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature...
Coremail XT 跨站脚本漏洞
Coremail XT is a set of enterprise-class mail system from China Yingshi Computer Technology Company. The system supports sending and receiving emails, enterprise address book, enterprise cloud disk and schedule synchronization. A cross-site scripting vulnerability exists in jsp/upload.jsp in...
Cross site scripting
Cross-site scripting XSS vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html...
CVE-2014-4164
Cross-site scripting XSS vulnerability in AlgoSec FireFlow 6.3-b230 allows remote attackers to inject arbitrary web script or HTML via a user signature to SelfService/Prefs.html...
CVE-2012-2082
Cross-site scripting XSS vulnerability in the Chaos tool suite aka CTools module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject arbitrary web script or HTML via a user signature...
CVE-2009-2372
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user...
CVE-2009-2371
The CVE-2009-2371 entry affects the Drupal module Advanced Forum (6.x) prior to 6.x-1.1. The issue arises when the module allows users to modify their signatures after the comment format has been switched to an administrator-controlled input format, enabling remote authenticated users to inject a...
CVE-2009-2372
Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibly PHP code via a crafted user...
Fedora 9 : drupal-6.13-1.fc9 (2009-7362)
Fixes SA-CORE-2009-007 http://drupal.org/node/507572 . Remember to log in to your site as the admin user before upgrading this package. After upgrading the package, browse to http://host/drupal/update.php to run the upgrade script. Multiple vulnerabilities and weaknesses were discovered in Drupal...
CVE-2005-2836
Multiple cross-site scripting XSS vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter to register.php or 2 a signature of a logged-in user in "My Control Center," which is not properly handled by control.php...
Invision Power Board v2.0.3 XSS vulnerabilities
Invision Power Board v2.0.3 XSS vulnerabilities found more at user signature. when Admin read attacker topics, admin will lost his passhash example...