Lucene search
K

353 matches found

Drupal
Drupal
added 2010/07/21 12:0 a.m.18 views

SA-CONTRIB 2010-075 - Tagging - Cross Site Scripting

The Tagging module provides an alternative input widget and other features for taxonomy terms. The module does not properly escape user-provided content submitted to free-tagging vocabularies displayed on node previews, leading to a Cross Site Scripting XSS vulnerability. Any user with permission...

6.3AI score
Exploits0References8
UbuntuCve
UbuntuCve
added 2010/03/19 7:30 p.m.26 views

CVE-2010-0736

Cross-site scripting XSS vulnerability in the viewqueryform function in lib/viewvc.py in ViewVC before 1.0.10, and 1.1.x before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via "user-provided input."...

4.3CVSS6AI score0.01691EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2010/03/19 7:0 p.m.43 views

CVE-2010-0736

Removed by vendor...

4.3CVSS6.7AI score0.01691EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2010/02/24 12:0 a.m.35 views

Debian DSA-1979-1 : lintian - multiple vulnerabilities

Multiple vulnerabilities have been discovered in lintian, a Debian package checker. The following Common Vulnerabilities and Exposures project ids have been assigned to identify them : - CVE-2009-4013: missing control files sanitation Control field names and values were not sanitised before using...

9.8CVSS8.5AI score0.05683EPSS
Exploits1References7
Exploit DB
Exploit DB
added 2008/12/08 12:0 a.m.18 views

PHPepperShop 1.4 - 'shop/Admin/SHOP_KONFIGURATION.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/32690/info PhPepperShop is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user i...

7.4AI score
Exploits0
NVD
NVD
added 2008/12/03 6:30 p.m.16 views

CVE-2008-5318

Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653...

5CVSS6.1AI score0.01268EPSS
Exploits0References7
Prion
Prion
added 2008/12/03 6:30 p.m.11 views

Design/Logic Flaw

Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653...

5CVSS6.5AI score0.01647EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2008/12/03 6:0 p.m.42 views

CVE-2008-5318

CVE-2008-5318 affects Tiki Wiki CMS Groupware prior to 2.2; the issue is described as an input sanitation weakness related to the size of user-provided input. Exploitation details and exact impact are not provided in the CVE description, but a public NES/OPENVAS entry classifies it as an input sa...

5CVSS6.4AI score0.01268EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2008/12/03 6:0 p.m.20 views

CVE-2008-5318

Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact and attack vectors related to "size of user-provided input," a different issue than CVE-2008-3653...

6.1AI score0.01268EPSS
Exploits0References7
Apache Tomcat
Apache Tomcat
added 2008/09/08 12:0 a.m.56 views

Fixed in Apache Tomcat 5.5.27

Low: Cross-site scripting CVE-2008-1232 The message argument of HttpServletResponse.sendError call is not only displayed on the error page, but is also used for the reason-phrase of HTTP response. This may include characters that are illegal in HTTP headers. It is possible for a specially crafted...

5CVSS7.5AI score0.75865EPSS
Exploits5Affected Software1
NVD
NVD
added 2007/03/07 9:19 p.m.27 views

CVE-2007-1325

The PMAArrayWalkRecursive function in libraries/common.lib.php in phpMyAdmin before 2.10.0.2 does not limit recursion on arrays provided by users, which allows context-dependent attackers to cause a denial of service web server crash via an array with many dimensions. NOTE: it could be argued tha...

7.1CVSS6.2AI score0.01715EPSS
Exploits0References11
OSV
OSV
added 2005/04/14 4:0 a.m.4 views

CVE-2005-0131

The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users...

6.4AI score
Exploits0References9
securityvulns
securityvulns
added 2002/05/28 12:0 a.m.28 views

Cross Site Scripting Vulnerability in phpBB2's [IMG] tag and remote avatar

phpBB2 Cross Site Scripting Vulnerability -------------------------------------------- Affected Program: phpBB2 version 2.0.0 possibly earlier versions too, but not tested Vendor: http://www.phpbb.com Vendor Status: informed on 24/04/2002, fixed issued on 20/05/2002 Discovery Date: 24/04/2002...

7.5AI score
Exploits0
Rows per page
Query Builder