Lucene search
K

221 matches found

seebug.org
seebug.org
added 2009/12/19 12:0 a.m.27 views

Redmine <= 0.8.7 UTF-7 XSS Vulnerability

No description provided by source. Redmine = 0.8.7 UTF-7 XSS Vulnerability Discovered by: p0deje http://p0deje.blogspot.com Application: http://www.redmine.org/wiki/redmine/Download SA: - Date: 01.12.2009 Versions affected: = 0.8.7 Vulnerability: Cross-site Scripting Platform: Ruby Ruby On Rails...

7.1AI score
Exploits0
OSV
OSV
added 2009/06/01 12:0 a.m.14 views

DSA-1808-1 drupal6 - insufficient input sanitising

Bulletin has no description...

3.5CVSS6.4AI score0.00856EPSS
Exploits0
Prion
Prion
added 2009/05/29 4:30 p.m.19 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Print aka Printer, e-mail and PDF versions module 5.x before 5.x-4.7 and 6.x before 6.x-1.7, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML by modifying a document head, before the Content-Type META element, to...

2.6CVSS6AI score0.01604EPSS
Exploits0References6Affected Software1
OpenVAS
OpenVAS
added 2009/05/20 12:0 a.m.21 views

Fedora Core 9 FEDORA-2009-4997 (drupal)

The remote host is missing an update to drupal announced via advisory FEDORA-2009-4997. OpenVAS Vulnerability Test $Id: fcore20094997.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-4997 drupal Authors: Thomas Reinke Copyright: Copyright c 2009 E-So...

5CVSS0.3AI score0.02502EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2009/05/18 12:0 a.m.16 views

FreeBSD : drupal -- XSS (a6605f4b-4067-11de-b444-001372fd0af2)

The Drupal Security Team reports : When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...

5.7AI score
Exploits0References2
Drupal
Drupal
added 2009/05/13 12:0 a.m.492 views

SA-CORE-2009-006 - Drupal core - Cross site scripting

When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...

5.9AI score
Exploits0References7
FreeBSD
FreeBSD
added 2009/05/13 12:0 a.m.23 views

drupal -- cross-site scripting

The Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...

5.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2009/05/11 12:0 a.m.50 views

Project Woodstock 404 Error Page UTF-7 Encoded XSS

The remote web server contains a web application built using Woodstock components, which are user interface components for the web- based on Java Server Faces and AJAX. Woodstock is part of Sun Glassfish Enterprise Server and can also be used with other Java web containers, such as JBoss, Tomcat,...

4.3CVSS5.4AI score0.04046EPSS
Exploits1References4
Prion
Prion
added 2009/05/06 4:30 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATHINFO, which is displayed on the 404 error page, as...

4.3CVSS6.1AI score0.04046EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2009/05/06 4:0 p.m.25 views

CVE-2009-1554

Cross-site scripting XSS vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATHINFO, which is displayed on the 404 error page, as...

5.6AI score0.04046EPSS
Exploits1References9
CVE
CVE
added 2009/05/06 4:0 p.m.69 views

CVE-2009-1554

The CVE-2009-1554 issue affects Sun Woodstock 4.2 (as used in Sun GlassFish Enterprise Server and related products). The vulnerability is a cross-site scripting (XSS) flaw in ThemeServlet.java that allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in PATH_INFO, whi...

4.3CVSS5.8AI score0.04046EPSS
Exploits1References9Affected Software1
Packet Storm
Packet Storm
added 2009/05/05 12:0 a.m.28 views

Sun Glassfish Woodstock Project 4.2 XSS

Digital Security Research Group DSecRG Advisory DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application: Sun Glassfish Woodstock Project part of Glassfish Enterprise Server Versions Affected: 4.2 Vendor URL: https://woodstock.dev.java.net/ Bug: Linked XSS...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/05/05 12:0 a.m.54 views

[DSECRG-09-038] Sun Glassfish Woodstock Project - Linked XSS Vulnerability

Digital Security Research Group DSecRG Advisory DSECRG-09-038 Original advisory: http://dsecrg.com/pages/vul/show.php?id=138 Application: Sun Glassfish Woodstock Project part of Glassfish Enterprise Server Versions Affected: 4.2 Vendor URL: https://woodstock.dev.java.net/ Bug: Linked XSS...

6.5AI score
Exploits0
FreeBSD
FreeBSD
added 2009/04/30 12:0 a.m.22 views

drupal -- cross site scripting

Drupal Security Team reports: When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte...

5.9AI score
Exploits0References1
Drupal
Drupal
added 2009/04/29 12:0 a.m.496 views

SA-CORE-2009-005 - Drupal core - Cross site scripting

When outputting user-supplied data Drupal strips potentially dangerous HTML attributes and tags or escapes characters which have a special meaning in HTML. This output filtering secures the site against cross site scripting attacks via user input. Certain byte sequences that are valid in the UTF-...

5.6AI score
Exploits0References9
securityvulns
securityvulns
added 2009/03/06 12:0 a.m.80 views

Multiple browsers inherited charset crossite scripting

If age with undefined charset is displayed in frame, codepage of parent page is used. It makes it possible to conduct crossite scripting attack with e.g. UTF-7, EUC-JP SHIFTJIS charset...

5.8CVSS2.7AI score0.1161EPSS
Exploits0References4Affected Software2
securityvulns
securityvulns
added 2009/02/04 12:0 a.m.47 views

Charset Remembering vulnerability в Mozilla Firefox

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Charset Remembering уязвимости в Mozilla Firefox. Данная уязвимость приводит к возможности проведения XSS атак с UTF-7. При указании пользователем для страницы на сайте кодировки в частности, UTF-7, браузер запоминает данную кодировку и использует...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2009/02/01 12:0 a.m.46 views

Charset Inheritance vulnerability in Internet Explorer 6 и Google Chrome

Здравствуйте 3APA3A! Сообщаю вам о найденной мною Charset Inheritance уязвимости в Internet Explorer 6 и Google Chrome. В дополнение к ранее опубликованной информации http://securityvulns.ru/news/Browsers/Charset/XSS.html о данной уязвимости в других браузерах. Данная уязвимость в браузерах,...

5.8AI score
Exploits0
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.13 views

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting

Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own character encoding.A malicious page that uses the UTF-7 character encoding can includeother sites, for example inside iframes. This can be exploited toperform cross-site scripting...

2.4AI score
Exploits0Affected Software1
Opera Security Advisories
Opera Security Advisories
added 2008/12/16 12:0 a.m.7 views

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories

Character Encoding Inheritance in iframes Can Enable Cross-Site Scripting – Opera Security Advisories OPCOM Team | December 16, 2008 Severity Moderate Problem description Pages displayed inside an iframe will inherit the character encodingof the parent page, unless they specify their own characte...

5.6AI score
Exploits0References1
Rows per page
Query Builder