[CLOSE] OSVDB ID : 49463 - Disclosed: 2008-10-05

Description:

Cross-site scripting occurs on POST where the "pagetitle" & "subheader" variables don't properly sanitize input upon submission to the /admin/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 49464 - Disclosed: 2008-10-05

Description:

CompactCMS 1.1 and earlier contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 47946 - Disclosed: 2008-09-03

Description:

Avactis Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'step_id' and 'CHECKOUT_CZ_BLOWFISH_KEY' variables upon submission to the 'checkout.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 47842 - Disclosed: 2008-08-28

Description:

Input passed to the "inactive" parameter in index.php (when "m" is set to "tasks"), "date" in index.php (when "m" is set to "calendar" and "a" to "day_view"), "callback" in index.php (when "m" is set to "public", "a" is set to "calendar", and "dialog" is set to "1"), and "type" in index.php (when "m" is set to "ticketsmith") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Input passed to the "event_title" and "event_description" parameters in index.php (when "m" is set to "calendar") is not properly sanitised before being used. This can exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if the malicious event is viewed. 5) Input passed to the "company_name", "company_email", "company_phone1", "company_phone2", "company_fax", "company_address1", "company_address2", "company_city", "company_state", "company_zip", "company_primary_url", and "company_description" parameters in index.php (when "m" is set to "companies") is not properly sanitised before being used. This can exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if the malicious company details are viewed.

[CLOSE] OSVDB ID : 47554 - Disclosed: 2008-08-10

Description:

Papoo CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'suchanzahl' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 47202 - Disclosed: 2008-07-30

Description:

BookMine contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the events.cfm script not properly sanitizing user-supplied input to the "events_id" variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 47203 - Disclosed: 2008-07-30

Description:

BookMine contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "gallery" and "search_string" variables upon submission to the search.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 47083 - Disclosed: 2008-07-21

Description:

JOBBEX JobSite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "opt" variables upon submission to the search_result.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 47084 - Disclosed: 2008-07-21

Description:

JOBBEX JobSite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search_result.cfm script not properly sanitizing user-supplied input to the "jobcountryid" and "jobstateid" variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 46513 - Disclosed: 2008-06-19

Description:

Trac contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the "q" variable upon submission to the search script. This could allow a user to create a specially crafted URL that would allow malicious redirection in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 46150 - Disclosed: 2008-06-16

Description:

Lyris ListManager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "words" variable upon submission to read/search/results. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 46050 - Disclosed: 2008-06-10

Description:

PHP Image Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'action' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 45652 - Disclosed: 2008-05-28

Description:

DT Centrepiece contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'searchFor' variables upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 45653 - Disclosed: 2008-05-28

Description:

DT Centrepiece contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search.asp' script not properly sanitizing user-supplied input to the 'searchFor' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 45616 - Disclosed: 2008-05-23

Description:

Sava CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.cfm' script not properly sanitizing user-supplied input to the 'LinkServID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 45615 - Disclosed: 2008-05-23

Description:

Sava CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' parameter upon submission to the 'index.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 45371 - Disclosed: 2008-05-20

Description:

dotCMS 1.x contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "search_query" variable upon submission to the search-results.dot script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 45171 - Disclosed: 2008-05-15

Description:

phpVID contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'query' variable upon submission to the search_results.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 45045 - Disclosed: 2008-05-13

Description:

Build A Niche Store (BANS) 3.0 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "q" variable upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 44876 - Disclosed: 2008-05-09

Description:

InfoBiz Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' parameter upon submission to the 'search_results.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 44946 - Disclosed: 2008-05-02

Description:

Bitrix Site Manager contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the "goto" variable upon submission to the redirect.php script. This could allow a user to create a specially crafted URL that would allow malicious redirection in a user's browser to an arbitrary web site, without user interaction.

[CLOSE] OSVDB ID : 44567 - Disclosed: 2008-04-23

Description:

Magnolia Enterprise Edition Sitedesigner contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'query' variable upon submission to the the Magnolia Enterprise Edition Sitedesigner search template script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 44474 - Disclosed: 2008-04-22

Description:

ContRay contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to the 'cgi-bin/contray/search.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 44373 - Disclosed: 2008-04-15

Description:

WORK system e-commerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "day", "month", and "year" variables upon submission to the module/main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 44014 - Disclosed: 2008-04-04

Description:

e-Classifieds Corporate Edition contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "db" variable upon submission to the hsx/classifieds.hsx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 43984 - Disclosed: 2008-04-03

Description:

Simple Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "album" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 44000 - Disclosed: 2008-04-03

Description:

Smart Classified ADS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "AdNum" and "Department" variables upon submission to the view.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 44001 - Disclosed: 2008-04-03

Description:

Smart Photo ADS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "AdNum" and "Department" variables upon submission to the view.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 43894 - Disclosed: 2008-03-31

Description:

JV2 Folder Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "image" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 43909 - Disclosed: 2008-03-31

Description:

JV2 Quick Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "f" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 43688 - Disclosed: 2008-03-24

Description:

Photo Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'amessage' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 43110 - Disclosed: 2008-03-13

Description:

Polymita BPM-Suite and CollagePortal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "_q" and "lucene_index_field_value" variables upon submission to the script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42705 - Disclosed: 2008-03-11

Description:

Savvy Content Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "searchterms" variable upon submission to the 'searchresults.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42706 - Disclosed: 2008-03-11

Description:

Savvy Content Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'searchterms' variable upon submission to the 'search_results.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42707 - Disclosed: 2008-03-11

Description:

Savvy Content Manager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "searchterms" variable upon submission to the 'search_results/index.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42642 - Disclosed: 2008-03-07

Description:

BosClassifieds Classified Ads System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'returnTo' variables upon submission to the 'account.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42604 - Disclosed: 2008-03-06

Description:

BosDates contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'calendar.php' variables upon submission to the 'type' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42605 - Disclosed: 2008-03-06

Description:

BosDates contains a flaw that allows a remote cross site scripting attack. Input passed to the "type" parameter in calendar.php and to the "category" parameter in calendar_search.php is not properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42292 - Disclosed: 2008-02-28

Description:

Interspire Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'search_query' variables upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 42301 - Disclosed: 2008-02-28

Description:

Maian Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "keywords" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.