Zope is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Input passed via the URL is not properly sanitised before being returned to the user within the search.php, sendmessage.php, showgroups.php, usercp.php, online.php, misc.php, memberlist.php, member.php, index.php, forumdisplay.php, inlinemod.php, newthread.php, private.php, profile.php, register.php, showthread.php, subscription.php, forum.php, faq.php, and calendar.php script. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
A reflected cross-site scripting vulnerability was found in the generic exception handler of Hyperic, located in hq/web/common/GenericError.jsp.
Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
This update lists the module in Impact's WebApp view.
This update lists the module in Impact's WebApp view.
A cross-site scripting vulnerability is present in TestLink before 1.8.5 allowing remote attackers to inject arbitrary web script or HTML via the req parameter to login.php.
Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user in googleanalytics.php. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organisation Contracts' administration page. This is because the application does not properly sanitise the users input.
osCommerce Online Merchant 2.2 RC2a is vulnerable to an Arbitrary File Upload without the need to be authenticated. This leads to arbitrary PHP code execution in the context of the webserver.
This module tries to install a RFI agent if the Web Application is vulnerable. It will fail if the webserver is not allowed to write on the document root of the vulnerable web application.
This module tries to install a RFI agent if the Web Application is vulnerable. It will fail if the webserver is not allowed to write on the document root of the vulnerable web application.
A Cross-Site Scripting (XSS) vulnerability in the Forum module in Drupal 6.x (proir to version 6.13) allows remote attackers to inject arbitrary web scripts or HTML by requesting a specially crafted tid.
The vulnerability is present only if the Forum module is activated, this is not the default configuration but the module is shipped by default with Drupal.
The vulnerability is present only if the Forum module is activated, this is not the default configuration but the module is shipped by default with Drupal.
A Cross-Site scripting vulnerability has been reported in Jetty. This vulnerability can be induced whenever Jetty displays a web directory listing. Client-side script code can be included in the HTTP response by appending it next to directory listing's path, preceded by a ';' character.