There is a possible reflected Cross-Site Scripting attack. An attacker able to cause a user to follow a specially crafted malicious link may be able to recover session identifiers or exploit browser vulnerabilities. The template parameter is vulnerable.

The vulnerability exists because the "/_layouts/help.aspx" script fails to properly sanitize user-supplied input in the "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.

The application is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'query' parameter of the search pages. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

vBulletin 4.0.2 is vulnerable. This issue does not affect vBulletin 3.x versions.

This vulnerability results from unsanitized input that is reflected back in the response. A malicious user can craft it into an attack by manipulating the 'mode' parameter of the xml/media-rss.php script.

Version 1.5.1 is verified as vulnerable; older versions are probably vulnerable too, but they were not tested at this time.