221 matches found
Redmine <= 0.8.7 UTF-7 XSS Vulnerability
No description provided by source. Redmine = 0.8.7 UTF-7 XSS Vulnerability Discovered by: p0deje http://p0deje.blogspot.com Application: http://www.redmine.org/wiki/redmine/Download SA: - Date: 01.12.2009 Versions affected: = 0.8.7 Vulnerability: Cross-site Scripting Platform: Ruby Ruby On Rails...
DSA-1808-1 drupal6 - insufficient input sanitising
Bulletin has no description...
Cross site scripting
Cross-site scripting XSS vulnerability in the Print aka Printer, e-mail and PDF versions module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to...
Fedora Core 9 FEDORA-2009-4997 (drupal)
The remote host is missing an update to drupal announced via advisory FEDORA-2009-4997. OpenVAS Vulnerability Test $Id: fcore20094997.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-4997 drupal Authors: Thomas Reinke Copyright: Copyright c 2009 E-So...
FreeBSD : drupal -- XSS (a6605f4b-4067-11de-b444-001372fd0af2)
The Drupal Security Team reports : When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
SA-CORE-2009-006 - Drupal core - Cross site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
drupal -- cross-site scripting
The Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
Project Woodstock 404 Error Page UTF-7 Encoded XSS
The remote web server contains a web application built using Woodstock components, which are user interface components for the web- based on Java Server Faces and AJAX. Woodstock is part of Sun Glassfish Enterprise Server and can also be used with other Java web containers, such as JBoss, Tomcat,...
Cross site scripting
Cross-site scripting XSS vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATHINFO, which is displayed on the 404 error page, as...
CVE-2009-1554
Cross-site scripting XSS vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATHINFO, which is displayed on the 404 error page, as...
CVE-2009-1554
The CVE-2009-1554 issue affects Sun Woodstock 4.2 (as used in Sun GlassFish Enterprise Server and related products). The vulnerability is a cross-site scripting (XSS) flaw in ThemeServlet.java that allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in PATH_INFO, whi...
Sun Glassfish Woodstock Project 4.2 XSS
Digital Security Research Group DSecRG Advisory DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application: Sun Glassfish Woodstock Project part of Glassfish Enterprise Server Versions Affected: 4.2 Vendor URL: https://woodstock.dev.java.net/ Bug: Linked XSS...
[DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability
Digital Security Research Group DSecRG Advisory DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application: Sun Glassfish Woodstock Project part of Glassfish Enterprise Server Versions Affected: 4.2 Vendor URL: https://woodstock.dev.java.net/ Bug: Linked XSS...
drupal -- cross site scripting
Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...
SA-CORE-2009-005 - Drupal core - Cross site scripting
When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...
Multiple browsers inherited charset crossite scripting
If age with undefined charset is displayed in frame, codepage of parent page is used. It makes it possible to conduct crossite scripting attack with e.g. UTF-7, EUC-JP SHIFTJIS charset...
Charset Remembering vulnerability в Mozilla Firefox
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Charset Remembering уязвимости в Mozilla Firefox. Данная уязвимость приводит к возможности проведения XSS атак с UTF-7. При указании пользователем для страницы на сайте кодировки в частности, UTF-7, браузер запоминает данную кодировку и использует...
Charset Inheritance vulnerability in Internet Explorer 6 и Google Chrome
Здравствуйте 3APA3A! Сообщаю вам о найденной мною Charset Inheritance уязвимости в Internet Explorer 6 и Google Chrome. В дополнение к ранее опубликованной информации http://securityvulns.ru/news/Browsers/Charset/XSS.html о данной уязвимости в других браузерах. Данная уязвимость в браузерах,...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting
Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own character encoding.A malicious page that uses the UTF-7 character encoding can includeother sites, for example inside iframes. This can be exploited toperform cross-site scripting...
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories
Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderate Problem description Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own characte...