The OOApp Guestbook is vulnerable to a cross-site scripting (XSS) attack. This vulnerability occurs due to the lack of proper sanitization of user-supplied input in the application. An attacker can exploit this vulnerability by injecting arbitrary script code into the affected site, which can lead to the execution of malicious scripts in the browser of unsuspecting users. This can result in the theft of authentication credentials and other potential attacks.
Ades Design AdesGuestbook is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The vulnerability allows an attacker to bypass authentication and gain unauthorized access to a site. It can also lead to disclosure or modification of data and exploitation of vulnerabilities in the underlying database implementation.
The GMailSite web application is vulnerable to a cross-site scripting attack. An attacker can inject arbitrary script code into the browser of a user visiting the affected site, potentially allowing them to steal authentication credentials and perform other malicious actions.
An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.
The FatWire UpdateEngine is prone to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials and other attacks.
The vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user by injecting malicious input through the 'url' parameter in the '/loader.cfm' page. This can lead to the theft of authentication credentials and other attacks.
An attacker can exploit these vulnerabilities by enticing a user to visit a malicious site, causing a denial of service in the application.
The IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Additionally, an attacker can exploit these issues to obtain the contents of local files.
An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Additionally, an attacker can exploit these issues to obtain the contents of local files.