SiteSage Search Module norelay_highlight_words Variable XSS

Network Security News – Monday, December 26, 2005 Events

SiteSage Search Module norelay_highlight_words Variable XSS

SiteSage contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'norelay_highlight_words' variable upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21861

CONTENS search.cfm Path Disclosure

CONTENS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker accesses it with some invalid input, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.. Read more at osvdb.org/21825

SPIP spip_pass.php3 XSS

SPIP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the spip_pass.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21865

papaya CMS bab[searchfor] Variable XSS

papaya CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "bab[searchfor]" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21872

Colony CMS Search Module XSS

Red Ant Development's Colony CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21853

EPiX Search Module XSS

Formicary EPiX CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21849

Caravel CMS Introduction Multiple Variable XSS

Caravel CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "folderviewer_attrs" and "fileDN" variables upon submission to the 'Introduction' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21833

Amaxus CMS Search Module change Variable XSS

Amaxus CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'change' variable upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21821

SPIP spip_login.php3 XSS

SPIP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the spip_login.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21864

toendaCMS index.php id Variable XSS

toendaCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'id' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21767