Archive for the 'Cross Site Scripting' Category

Simple Gallery XSS

Application: Simple Gallery
Affected Version: 2.2 and other versions.
Vendor’s URL: Simple Gallery
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

cpCommerce Multiple Vulnerabilities

Application: cpCommerce
Affected Version: 1.1.0 and other versions.
Vendor’s URL: cpCommerce
Bug Type: Cross Site Scripting and SQL injection
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized and verified.

OSI Affiliate XSS

Application: OSI Affiliate
Affected Version:
Vendor’s URL: OSI Affiliate
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

CubeCart Two XSS

Application: CubeCart
Affected Version: 4.2.1 and other versions.
Vendor’s URL: CubeCart
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

Photo Cart “amessage” XSS

Application: Photo Cart
Affected Version: 4.1 and other versions.
Vendor’s URL: Photo Cart
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Apply patch. http://www.picturespro.com/sp/

phpAddressBook Multiple Vulnerabilities

Application: phpAddressBook
Affected Version: 2.11 and other versions.
Vendor’s URL: phpAddressBook
Bug Type: Cross Site Scripting and file inclusion
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified and sanitized.

Gallarific Multiple Vulnerabilities

Application: Gallarific
Affected Version: Gallarific Free Edition 1.1 and other versions.
Vendor’s URL: http://www.gallarific.com/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Use another product, or disable it until the patch is released.

EasyCalendar SQL Injection and XSS

Application: EasyCalendar
Affected Version: 4.0tr and other versions.
Vendor’s URL: EasyCalendar
Bug Type: SQL Injection and Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

TikiWiki Script Insertion Vulnerability

Application: Tikiwiki
Affected Version: prior to 1.9.10.1.
Vendor’s URL: http://tikiwiki.org/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.9.10.1.

Plume CMS “dir” XSS

Application: Plume CMS
Affected Version: 1.2.2 and other versions.
Vendor’s URL: http://www.plume-cms.net/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

WordPress Sniplets Plugin Multiple Vulnerabilities

Application: WordPress
Affected Version: 1.2.2 and other versions.
Vendor’s URL: http://urbangiraffe.com/plugins/sniplets/
Bug Type: Cross Site Scripting and Security Bypass
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly verified and sanitized.

Drupal Multiple Script Insertion Vulnerabilities

Application: Drupal
Affected Version: 6.0 and other versions.
Vendor’s URL: http://drupal.org/
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Update to version 6.1.

PunBB Password Change and XSS

Application: PunBB
Affected Version: 1.2.16 and other versions.
Vendor’s URL: http://www.punbb.org/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.2.17.

WordPress Search Unleashed Plugin Script Insertion

Application: WordPress Search Unleashed Plugin
Affected Version: version 0.2.10.
Vendor’s URL: http://urbangiraffe.com/plugins/search-unleashed/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Will be fixed in version 0.2.11.

WordPress DMSGuestbook Plugin Multiple Vulnerabilities

Application: WordPress DMSGuestbook Plugin
Affected Version: 1.8.0 and other versions.
Vendor’s URL: WordPress DMSGuestbook Plugin
Bug Type: Cross Site Scripting
Risk Level: Critical

Solution:
Edit the source code to ensure that input is properly sanitized.

Webmin / Usermin “search” XSS

Application: Webmin / Usermin
Affected Version: Webmin version 1.390, Usermin version 1.320 and other versions.
Vendor’s URL: http://www.webmin.com/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to Webmin 1.400 or Usermin 1.330.

Simple Machines Forum SMF Shoutbox Mod Script Insertion

Application: Simple Machines Forum SMF
Affected Version: 1.16b and other versions.
Vendor’s URL: Simple Machines Forum SMF
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

WordPress WP-Footnotes Plugin “admin_panel.php” XSS

Application: WordPress
Affected Version: 2.2 and other versions.
Vendor’s URL: WordPress WP-Footnotes Plugin
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Edit the source code to ensure that input is properly sanitized.

MediaWiki XSS Vulnerability

Application: MediaWiki
Affected Version: 1.11 <= 1.11.0rc1, 1.10 <= 1.10.2, 1.9 <= 1.9.4, 1.8 any version (if $wgEnableAPI has been switched on)
Vendor’s URL: http://wikipedia.sourceforge.net/
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 1.11.1, 1.10.3, or 1.9.5.

Drupal Archive Module Unspecified XSS

Application: Drupal Archive Module
Affected Version: before 5.x-1.8.
Vendor’s URL: http://drupal.org/project/archive
Bug Type: Cross Site Scripting
Risk Level: Medium

Solution:
Update to version 5.x-1.8.