|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 118 CVE : CVE-2005-3367 SecurityRisk : Low  (About) Remote Exploit : No Local Exploit : Yes Exploit Given : Yes Credit : sikikmail gmail com Published : 26.10.2005
Advisory Text : SparkleBlog is prone to HTMl injection attacks. It is possible for a malicious SparkleBlog user to inject hostile HTML script code into the commentary via form fields. This code may be rendered in the browser of a web user who views the commentary of SparkleBlog. SparkleBlog does not adequately filter HTMl tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by SparkleBlog example: put <script>alert('test')</script> in the "name:" tag in http://localhost/journal.php?id=1 SparkleBlog home page: http://www.creamed-coconut.org/  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |