cPanel "objcache" cross-site scripting vulnerability

Tuesday, 13 February 2007

A new version of cPanel is available, it fixes a vulnerability which could be exploited by malicious people to conduct cross-site scripting attacks.

Uphotogallery <= v1.1 "thumbnails.asp" and "images_archive.asp" XSS

Tuesday, 6 February 2007

Doz from hackerscenter.com, has reported a cross-site scripting vulnerability in Uphotogallery. Malicious people can exploit this vulnerability to perform XSS attacks.

PHP Link Directory <= v3.0.6 administration page XSS vulnerability

Tuesday, 6 February 2007

A cross-site scripting vulnerability in PHP Link Directory, has been discovered by Jussi Vuokko and Henri Lindberg. Malicious people can trick the phpLD admin to validate a submitted link and gain administrative access.

Safari improper parse of HTML tags and BlogSpot.com XSS vulnerability

Tuesday, 6 February 2007

Two vulnerabilities existing in Safari web browser and BlogSpot.com, have been discovered by Jose Avila. Malicious people can exploit the Safari vulnerability to execute HTML tags within comments. Comments in blogs hosted on BlogSpot, can be injected with malicious scripts.

Moveble Type <= v3.33 XSS filter evasion vulnerability

Tuesday, 6 February 2007

A way to evade the XSS filter of Movable Type, has been discovered by teracci2002. Malicious people can exploit this vulnerability to steal cookies and deface websites.

FlashChat <= v4.7.8 - "info.php" XSS vulnerability

Tuesday, 6 February 2007

A script insertion vulnerability in FlashChat, has been discovered by binaryloc. Malicious people can exploit this vulnerability to perform XSS attacks. A patch is not yet available from the vendor. An unofficial patch is available on binaryloc's website.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

45884 total xss 14724 special xss 3026 fixed 5328 xss onhold 2933 EW subscribers

Tweets about ""cross site scripting" OR from:xssedcom"