Network Security Audits / Vulnerability Assessments by SecuritySpace

Category: CGI abuses : XSS

ID # Risk Test Title

1.3.6.1.4.1.25623.1.0.60165 Medium Wordpress Cross-Site Scripting in wp-admin/edit.php

1.3.6.1.4.1.25623.1.0.60164 Medium Wordpress Multiple Cross-Site Scripting Vulnerabilities(2)

1.3.6.1.4.1.25623.1.0.60121 High eggBlog <= 3.1.0 Multiple XSS vulnerabilities

1.3.6.1.4.1.25623.1.0.57990 Medium MyCalendar Multiple Cross-Site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.56995 Medium CMSimple Index.PHP Search Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56977 Medium Hosting Controller Error page XSS

1.3.6.1.4.1.25623.1.0.56969 Medium DokuWiki Mediamanager Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56903 Medium ArGoSoft Mail Server Pro Webmail Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56894 Medium vBulletin Image Upload HTML Injection Vulnerability

1.3.6.1.4.1.25623.1.0.56893 Medium VBulletin Event Title HTML Injection Vulnerability

1.3.6.1.4.1.25623.1.0.56892 Medium VBulletin Profile.PHP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56884 Medium vBulletin Showthread.PHP Input Validation

1.3.6.1.4.1.25623.1.0.56883 Medium VBulletin Profile.PHP Email Field HTML Injection

1.3.6.1.4.1.25623.1.0.56882 Medium vBulletin Vbugs.PHP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56880 Medium RunCMS < 1.3b Bigshow.PHP Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56879 Medium RunCMS < 1.3b ratefile.php Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56872 Medium UBB.threads <= 6.5.3 Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56844 Medium PHPsysInfo File Disclosure Vulnerabilities

1.3.6.1.4.1.25623.1.0.56843 Medium PHPsysInfo Multiple Vulnerabilities

1.3.6.1.4.1.25623.1.0.56757 Medium E107 Website Cross Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.56753 Medium CubeCart Arbitrary File Upload Vulnerability

1.3.6.1.4.1.25623.1.0.56752 Medium CubeCart Multiple XSS vulnerabilities(3)

1.3.6.1.4.1.25623.1.0.56751 Medium CubeCart Multiple XSS vulnerabilities(2)

1.3.6.1.4.1.25623.1.0.56749 High CuteNews Multiple Cross-Site Scripting Vulnerabilities(2)

1.3.6.1.4.1.25623.1.0.55471 High S9Y Serendipity Account Hijack Vulnerability

1.3.6.1.4.1.25623.1.0.55368 High CuteNews Multiple Cross-site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.55367 Medium CuteNews show_archives.php Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.55364 Medium CuteNews index.php Cross-Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.55337 Medium phpBB2 Plus 1.52 Multiple vulnerabilities

1.3.6.1.4.1.25623.1.0.55301 Medium Drupal Cross-Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.55296 Medium phpBB <= 2.0.16 Nested BBCode cross site scripting

1.3.6.1.4.1.25623.1.0.55264 Medium phpMyAdmin < 2.6.4-rc1 Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52756 Medium YaBB Remote UsersRecentPosts Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52746 Medium Wordpress Multiple Cross-Site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.52742 High Wordpress Multiple Cross-Site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.52735 Medium S9Y Serendipity Exit.PHP HTTP Response Splitting

1.3.6.1.4.1.25623.1.0.52727 Medium S9Y Serendipity Cross Site Scripting

1.3.6.1.4.1.25623.1.0.52117 Medium Koobi CMS Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52102 Medium Kayako ESupport Index.PHP Multiple XSS

1.3.6.1.4.1.25623.1.0.52079 Medium Coppermine Photo Gallery X-Forwarded-For HTML Injection

1.3.6.1.4.1.25623.1.0.52071 High Invision Power Board Insecure Permissions

1.3.6.1.4.1.25623.1.0.52067 High Invision Power Board Multiple Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52065 High Invision Power Board Pop Parameter Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52062 High Invision Power Board SSI.PHP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52061 High Invision Power Board Potential IP Address Spoofing

1.3.6.1.4.1.25623.1.0.52060 High Invision Power Board Index.php Query XSS

1.3.6.1.4.1.25623.1.0.52059 Medium Invision Power Board Referer Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52048 Medium Comersus Comersus_Search_Item.ASP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52035 High ProfitCode PayProCart Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52019 Medium Comersus Cart Username Field HTML Injection

1.3.6.1.4.1.25623.1.0.52009 High phpMyAdmin Convcharset Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.51976 High phpMyAdmin Multiple Remote Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.51971 High PBLang Multiple Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.51970 High PaNews Cross-Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.51958 High ArGoSoft Mail Server HTML Injection

1.3.6.1.4.1.25623.1.0.51953 Medium PHP-Fusion Setuser.PHP HTML Injection

1.3.6.1.4.1.25623.1.0.51952 Medium PHP-Fusion BBCode IMG Tag Script Injection

1.3.6.1.4.1.25623.1.0.51930 High SunShop Shopping cart cross site scripting

1.3.6.1.4.1.25623.1.0.51914 Medium Icecast Status Display XSS Vulnerability

1.3.6.1.4.1.25623.1.0.51848 High Geeklog 1.3.7 XSS vulnerabilities

1.3.6.1.4.1.25623.1.0.51847 High Geeklog 1.3.5 XSS and script injection attacks

1.3.6.1.4.1.25623.1.0.51780 High Siteman priviledge escalation vulnerability

1.3.6.1.4.1.25623.1.0.51773 High phpBB cross site scripting

1.3.6.1.4.1.25623.1.0.51769 High phpBB search author xss

1.3.6.1.4.1.25623.1.0.51762 Medium CubeCart Multiple XSS vulnerabilities

1.3.6.1.4.1.25623.1.0.51758 Medium BiTBOARD cross site scripting vulnerability

1.3.6.1.4.1.25623.1.0.51754 High Siteman Multiple XSS vulnerabilities

ID #	Risk	Test Title
1.3.6.1.4.1.25623.1.0.60165	Medium	Wordpress Cross-Site Scripting in wp-admin/edit.php
1.3.6.1.4.1.25623.1.0.60164	Medium	Wordpress Multiple Cross-Site Scripting Vulnerabilities(2)
1.3.6.1.4.1.25623.1.0.60121	High	eggBlog <= 3.1.0 Multiple XSS vulnerabilities
1.3.6.1.4.1.25623.1.0.57990	Medium	MyCalendar Multiple Cross-Site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.56995	Medium	CMSimple Index.PHP Search Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56977	Medium	Hosting Controller Error page XSS
1.3.6.1.4.1.25623.1.0.56969	Medium	DokuWiki Mediamanager Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56903	Medium	ArGoSoft Mail Server Pro Webmail Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56894	Medium	vBulletin Image Upload HTML Injection Vulnerability
1.3.6.1.4.1.25623.1.0.56893	Medium	VBulletin Event Title HTML Injection Vulnerability
1.3.6.1.4.1.25623.1.0.56892	Medium	VBulletin Profile.PHP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56884	Medium	vBulletin Showthread.PHP Input Validation
1.3.6.1.4.1.25623.1.0.56883	Medium	VBulletin Profile.PHP Email Field HTML Injection
1.3.6.1.4.1.25623.1.0.56882	Medium	vBulletin Vbugs.PHP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56880	Medium	RunCMS < 1.3b Bigshow.PHP Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56879	Medium	RunCMS < 1.3b ratefile.php Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56872	Medium	UBB.threads <= 6.5.3 Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56844	Medium	PHPsysInfo File Disclosure Vulnerabilities
1.3.6.1.4.1.25623.1.0.56843	Medium	PHPsysInfo Multiple Vulnerabilities
1.3.6.1.4.1.25623.1.0.56757	Medium	E107 Website Cross Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.56753	Medium	CubeCart Arbitrary File Upload Vulnerability
1.3.6.1.4.1.25623.1.0.56752	Medium	CubeCart Multiple XSS vulnerabilities(3)
1.3.6.1.4.1.25623.1.0.56751	Medium	CubeCart Multiple XSS vulnerabilities(2)
1.3.6.1.4.1.25623.1.0.56749	High	CuteNews Multiple Cross-Site Scripting Vulnerabilities(2)
1.3.6.1.4.1.25623.1.0.55471	High	S9Y Serendipity Account Hijack Vulnerability
1.3.6.1.4.1.25623.1.0.55368	High	CuteNews Multiple Cross-site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.55367	Medium	CuteNews show_archives.php Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.55364	Medium	CuteNews index.php Cross-Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.55337	Medium	phpBB2 Plus 1.52 Multiple vulnerabilities
1.3.6.1.4.1.25623.1.0.55301	Medium	Drupal Cross-Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.55296	Medium	phpBB <= 2.0.16 Nested BBCode cross site scripting
1.3.6.1.4.1.25623.1.0.55264	Medium	phpMyAdmin < 2.6.4-rc1 Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52756	Medium	YaBB Remote UsersRecentPosts Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52746	Medium	Wordpress Multiple Cross-Site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.52742	High	Wordpress Multiple Cross-Site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.52735	Medium	S9Y Serendipity Exit.PHP HTTP Response Splitting
1.3.6.1.4.1.25623.1.0.52727	Medium	S9Y Serendipity Cross Site Scripting
1.3.6.1.4.1.25623.1.0.52117	Medium	Koobi CMS Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52102	Medium	Kayako ESupport Index.PHP Multiple XSS
1.3.6.1.4.1.25623.1.0.52079	Medium	Coppermine Photo Gallery X-Forwarded-For HTML Injection
1.3.6.1.4.1.25623.1.0.52071	High	Invision Power Board Insecure Permissions
1.3.6.1.4.1.25623.1.0.52067	High	Invision Power Board Multiple Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52065	High	Invision Power Board Pop Parameter Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52062	High	Invision Power Board SSI.PHP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52061	High	Invision Power Board Potential IP Address Spoofing
1.3.6.1.4.1.25623.1.0.52060	High	Invision Power Board Index.php Query XSS
1.3.6.1.4.1.25623.1.0.52059	Medium	Invision Power Board Referer Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52048	Medium	Comersus Comersus_Search_Item.ASP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52035	High	ProfitCode PayProCart Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52019	Medium	Comersus Cart Username Field HTML Injection
1.3.6.1.4.1.25623.1.0.52009	High	phpMyAdmin Convcharset Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.51976	High	phpMyAdmin Multiple Remote Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.51971	High	PBLang Multiple Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.51970	High	PaNews Cross-Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.51958	High	ArGoSoft Mail Server HTML Injection
1.3.6.1.4.1.25623.1.0.51953	Medium	PHP-Fusion Setuser.PHP HTML Injection
1.3.6.1.4.1.25623.1.0.51952	Medium	PHP-Fusion BBCode IMG Tag Script Injection
1.3.6.1.4.1.25623.1.0.51930	High	SunShop Shopping cart cross site scripting
1.3.6.1.4.1.25623.1.0.51914	Medium	Icecast Status Display XSS Vulnerability
1.3.6.1.4.1.25623.1.0.51848	High	Geeklog 1.3.7 XSS vulnerabilities
1.3.6.1.4.1.25623.1.0.51847	High	Geeklog 1.3.5 XSS and script injection attacks
1.3.6.1.4.1.25623.1.0.51780	High	Siteman priviledge escalation vulnerability
1.3.6.1.4.1.25623.1.0.51773	High	phpBB cross site scripting
1.3.6.1.4.1.25623.1.0.51769	High	phpBB search author xss
1.3.6.1.4.1.25623.1.0.51762	Medium	CubeCart Multiple XSS vulnerabilities
1.3.6.1.4.1.25623.1.0.51758	Medium	BiTBOARD cross site scripting vulnerability
1.3.6.1.4.1.25623.1.0.51754	High	Siteman Multiple XSS vulnerabilities