An attacker can nest BBCode URL tags to trigger this issue and execute arbitrary code in a user's browser. Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing for theft of cookie-based authentication credentials. Other attacks are also possible.
The FatWire UpdateEngine is prone to multiple cross-site scripting vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary script code in the browser of a user visiting the affected site. This can lead to the theft of authentication credentials and other attacks.
The vulnerability allows an attacker to execute arbitrary script code in the browser of an unsuspecting user by injecting malicious input through the 'url' parameter in the '/loader.cfm' page. This can lead to the theft of authentication credentials and other attacks.
An attacker can exploit these vulnerabilities by enticing a user to visit a malicious site, causing a denial of service in the application.
The IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Additionally, an attacker can exploit these issues to obtain the contents of local files.
An attacker can exploit these issues to include arbitrary local or remote files containing malicious PHP code and execute it in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Additionally, an attacker can exploit these issues to obtain the contents of local files.
Dev Web Management System versions 1.5 and earlier are prone to multiple input validation vulnerabilities. These issues may allow SQL injection and cross-site scripting attacks.
Cerberus Helpdesk is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are the result of inadequate validation of user-supplied input that will be included in site output or in SQL queries. The cross-site scripting vulnerability may permit a remote attacker to steal cookie-based authentication credentials from legitimate users. Successful exploitation of SQL injection vulnerabilities could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Cerberus Helpdesk is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are the result of inadequate validation of user-supplied input that will be included in site output or in SQL queries. The cross-site scripting vulnerability may permit a remote attacker to steal cookie-based authentication credentials from legitimate users. Successful exploitation of SQL injection vulnerabilities could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
The Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities. The application is prone to a cross-site scripting vulnerability and multiple HTML injection vulnerabilities. It is also vulnerable to a source code disclosure vulnerability. An attacker can exploit these vulnerabilities to execute arbitrary script code, inject malicious HTML, and disclose sensitive source code information.