Network Security News – Sunday, December 11, 2005 Events
PerlCal cal_make.pl p0 Variable XSS
PerlCal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'p0' variable upon submission to the 'cal_make_.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21540
rwAuction Pro search.asp searchtxt Variable XSS
rwAuction Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'searchtxt' variable upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21475
Magic Book Professional book.cfm StartRow Variable XSS
Magic Book Professional contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'StartRow' variable upon submission to the 'book.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21529
CA CleverPath Portal Login Page XSS
CleverPath Portal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the Login Page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21575
LocazoList Classifieds searchdb.asp q Variable XSS
LocazoList Classifieds contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'searchdb.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21530
XcPhotoAlbum PASearch.asp SearchFor Variable XSS
XcPhotoAlbum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'SearchFor' variables upon submission to the 'PASearch.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more at osvdb.org/21477