Network Security News – Monday, December 26, 2005 Events
SiteSage Search Module norelay_highlight_words Variable XSS
SiteSage contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'norelay_highlight_words' variable upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21861
CONTENS search.cfm Path Disclosure
CONTENS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker accesses it with some invalid input, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. Read more at osvdb.org/21825
SPIP spip_pass.php3 XSS
SPIP contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate variables upon submission to the spip_pass.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21865
papaya CMS bab[searchfor] Variable XSS
papaya CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "bab[searchfor]" variable upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21872
Colony CMS Search Module XSS
Red Ant Development's Colony CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate variables upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21853
EPiX Search Module XSS
Formicary EPiX CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate variables upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21849
Caravel CMS Introduction Multiple Variable XSS
Caravel CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "folderviewer_attrs" and "fileDN" variables upon submission to the 'Introduction' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21833
Amaxus CMS Search Module change Variable XSS
Amaxus CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'change' variable upon submission to the search script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21821
SPIP spip_login.php3 XSS
SPIP contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate variables upon submission to the spip_login.php3 script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21864
toendaCMS index.php id Variable XSS
toendaCMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. Read more at osvdb.org/21767