The vulnerability exists due to failure in the "/_layouts/help.aspx" script to properly sanitize user-supplied input in "cid0" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
Jetty versions 6.1.16 and below are vulnerables. A Cross-Site scripting vulnerability has been reported in Jetty. This vulnerability can be induced whenever Jetty displays a web directory listing. Client-side script code can be included in the HTTP response by appending it next to directory listing's path, preceded by a ';' character.
A reflected cross-site scripting vulnerability was found in the generic exception handler of Hyperic, located in hq/web/common/GenericError.jsp.
A reflected cross-site scripting vulnerability in eyeOS 2.3 can be exploited to execute arbitrary JavaScript.
A Cross-Site Scripting (XSS) vulnerability in the Forum module in Drupal 6.x (prior to version 6.13) allows remote attackers to inject arbitrary web scripts or HTML by requesting a specially crafted tid. Forum module must be active in the attacked Drupal
The application fails to sanitize the bug_id parameter in several pages such as edit_comment and edit_bug, leading to a cross site scripting vulnerability.
A Reflected Cross Site Scripting vulnerability was found in the atksearch[contractnumber], atksearch_AE_customer[customer] and atksearchmode[contracttype] variables within the 'Organization Contracts' administration page. This is because the application does not properly sanitize the users input. Vulnerable version is = 1.3.4.
This module exploits an authentication vulnerability in Wordpress 2.5. An attacker, able to register a specially crafted username on a Wordpress 2.5 installation, will also be able to generate authentication cookies for other chosen accounts. This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection. The proper way to exploit this vulnerability is to use a Wordpress account which its username starts with the word "admin", for example "admin99".
A weakness has been reported in WordPress which can be exploited to bypass certain security restrictions. The weakness is due to a bug within the password reset functionality when verifying the secret key. This can be exploited to reset the password of the first user without a key in the database (usually administrator) without providing the correct secret key.
This module exploits an authentication vulnerability in OpenSite 2.1. The function init in origin/libs/user.php checks for a matching origin_hash cookie. However, this cookie can be bruteforced in at most 2^32 tries for a known username. Actually, the number of attempts could be significantly reduced knowing that we do not have to check for time in the future, and long past. This works for OpenSite 2.1 and below. It has to be executed against the root directory of OpenSite. The resulting SHA1 cookie has to be used to impersonate the admin on OpenSite putting it on the origin_hash cookie, setting all the others cookies with the default value.