353 matches found
SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting
The Tagging module provides an alternative input widget and other features for taxonomy terms. The module does not properly escape user-provided content submitted to free-tagging vocabularies displayed on node previews, leading to a Cross Site Scripting XSS vulnerability. Any user with permission...
CVE-2010-0736
Cross-site scripting XSS vulnerability in the viewqueryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."...
CVE-2010-0736
Removed by vendor...
Debian DSA-1979-1 : lintian - multiple vulnerabilities
Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them : - CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using...
PHPepperShop 1.4 - 'shop/Admin/SHOP_KONFIGURATION.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/32690/info PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...
CVE-2008-5318
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653...
Design/Logic Flaw
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653...
CVE-2008-5318
CVE-2008-5318 affects Tiki Wiki CMS Groupware prior to 2.2; the issue is described as an input sanitation weakness related to the size of user-provided input. Exploitation details and exact impact are not provided in the CVE description, but a public NES/OPENVAS entry classifies it as an input sa...
CVE-2008-5318
Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653...
Fixed in Apache Tomcat 5.5.27
Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...
CVE-2007-1325
The PMAArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service web server crash via an array with many dimensions. NOTE: it could be argued tha...
CVE-2005-0131
The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users...
Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar
phpBB2 Cross Site Scripting Vulnerability -------------------------------------------- Affected Program: phpBB2 version 2.0.0 possibly earlier versions too, but not tested Vendor: http://www.phpbb.com Vendor Status: informed on 24/04/2002, fixed issued on 20/05/2002 Discovery Date: 24/04/2002...