The WampServer software is prone to a cross-site scripting vulnerability. This vulnerability occurs because the software fails to properly sanitize user-supplied input. An attacker can exploit this issue by injecting arbitrary script code in the affected site's context. This can lead to the theft of authentication credentials and the execution of other malicious actions.
The application is prone to multiple input-validation vulnerabilities. These include a cross-site scripting vulnerability and multiple file-upload vulnerabilities. Attackers can exploit these vulnerabilities to execute arbitrary script code, steal authentication credentials, upload and execute arbitrary code, and facilitate unauthorized access or privilege escalation.
The Sinapis 2.2 Gastebuch script is vulnerable to Remote File Inclusion (RFI) attack. The vulnerability allows an attacker to include a remote file hosted on a malicious server, which can lead to remote code execution or other malicious activities.
The 'com_recipe' component for Joomla! is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The Social Web CMS is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability to execute malicious script code in the browser of a victim user within the affected site's context. This can lead to the theft of authentication credentials stored in cookies and enable further attacks.
The Subex Nikira Fraud Management System GUI is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability by injecting malicious script code into user-supplied input. Upon execution, the injected script code can run in the victim's browser, potentially allowing the attacker to steal authentication credentials and carry out other malicious activities.
SphereCMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The PortWise SSL VPN is vulnerable to a cross-site scripting (XSS) attack due to inadequate input sanitization. An attacker can exploit this vulnerability to inject and execute arbitrary script code in the browser of a targeted user, within the context of the affected site. This can lead to the theft of cookie-based authentication credentials and enable the attacker to launch further attacks.
New-CMS is prone to multiple local file-include vulnerabilities and an HTML-Injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include vulnerabilities using directory-traversal strings to view and execute a crafted 'cmd.php' script within the context of the webserver process. Information harvested may aid in further attacks. The attacker may leverage the HTML-Injection issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
The EziScript Google Page Rank is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Services By CQR