Updated 09_24_2014

files.csv

@@ -31262,3 +31262,19 @@ id,file,description,date,author,platform,type,port
 34721,platforms/php/webapps/34721.txt,"Livefyre LiveComments Plugin - Stored XSS",2014-09-20,"Brij Kishore Mishra",php,webapps,0
 34722,platforms/php/webapps/34722.txt,"ClassApps SelectSurvey.net - Multiple SQL Injection Vulnerabilities",2014-09-20,BillV-Lists,php,webapps,0
 34729,platforms/windows/dos/34729.py,"Seafile-server <= 3.1.5 - Remote DoS",2014-09-20,"nop nop",windows,dos,0
+34730,platforms/php/webapps/34730.txt,"DragDropCart assets/js/ddcart.php sid Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34731,platforms/php/webapps/34731.txt,"DragDropCart includes/ajax/getstate.php prefix Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34732,platforms/php/webapps/34732.txt,"DragDropCart index.php search Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34733,platforms/php/webapps/34733.txt,"DragDropCart search.php search Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34734,platforms/php/webapps/34734.txt,"DragDropCart login.php redirect Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34735,platforms/php/webapps/34735.txt,"DragDropCart productdetail.php product Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34736,platforms/php/webapps/34736.txt,"EZArticles 'articles.php' Cross Site Scripting Vulnerability",2009-08-20,Moudi,php,webapps,0
+34737,platforms/php/webapps/34737.txt,"EZodiak \'index.php\' Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0
+34738,platforms/php/webapps/34738.txt,"GejoSoft Image Hosting Community Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0
+34740,platforms/php/webapps/34740.txt,"MyWeight 1.0 user_addfood.php date Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34741,platforms/php/webapps/34741.txt,"MyWeight 1.0 user_forgot_pwd_form.php info Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34742,platforms/php/webapps/34742.txt,"MyWeight 1.0 user_login.php Multiple Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34743,platforms/php/webapps/34743.txt,"Proxy List Script 'index.php' Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0
+34744,platforms/php/webapps/34744.txt,"YourFreeWorld Ultra Classifieds listads.php Multiple Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34745,platforms/php/webapps/34745.txt,"YourFreeWorld Ultra Classifieds subclass.php cname Parameter XSS",2009-07-20,Moudi,php,webapps,0
+34746,platforms/php/webapps/34746.txt,"Web TV 'chn' Parameter Cross Site Scripting Vulnerability",2009-07-20,Moudi,php,webapps,0

platforms/php/webapps/34730.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43478/info
+
+DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. 
+
+http://www.example.com/demo/assets/js/ddcart.php?sid=1<script>alert(649442730777)</script>

platforms/php/webapps/34731.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43478/info
+ 
+DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+http://www.example.com/demo/includes/ajax/getstate.php?country=1&prefix=1>"><ScRiPt %0A%0D>alert(712244301211)%3B</ScRiPt>

platforms/php/webapps/34732.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43478/info
+  
+DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+http://www.example.com/demo/index.php?page=1&search=1>"><ScRiPt %0A%0D>alert(312759321896)%3B</ScRiPt>

platforms/php/webapps/34733.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43478/info
+   
+DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+   
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+   
+http://www.example.com/demo/search.php?search=1<script>alert(308229169208)</script>

platforms/php/webapps/34734.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43478/info
+    
+DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+    
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+    
+http://www.example.com/demo/login.php?redirect=1>"><ScRiPt %0A%0D>alert(381490124289)%3B</ScRiPt>

platforms/php/webapps/34735.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43478/info
+     
+DragDropCart is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+     
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+     
+http://www.example.com/demo/productdetail.php?product=1>"><ScRiPt %0A%0D>alert(387540356725)%3B</ScRiPt>

platforms/php/webapps/34736.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43483/info
+
+EZArticles is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/ezarticles/articles_1/articles.php?id=6&title=1<script>alert(309558774901)</script>

platforms/php/webapps/34737.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43485/info
+
+EZodiak is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/ezarticles/ezodiak/index.php?sign=1>"><ScRiPt %0A%0D>alert(309408771751)%3B</ScRiPt>&date=20090717

platforms/php/webapps/34738.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43486/info
+
+GejoSoft Image Hosting Community is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/photos/tags/1<body+onload=alert(323052257059)>2009-07-20

platforms/php/webapps/34740.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43488/info
+
+MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+phplemon MyWeight 1.0 is vulnerable; others versions may be affected. 
+
+http://www.example.com/user_addfood.php?date=1>"><ScRiPt %0A%0D>alert(316624303488)%3B</ScRiPt>

platforms/php/webapps/34741.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/43488/info
+ 
+MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+phplemon MyWeight 1.0 is vulnerable; others versions may be affected. 
+
+http://www.example.com/user_forgot_pwd_form.php?info=1<script>alert(394944650346)</script>

platforms/php/webapps/34742.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/43488/info
+  
+MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+  
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+  
+phplemon MyWeight 1.0 is vulnerable; others versions may be affected. 
+
+http://www.example.com/user_login.php?info=1<script>alert(311454197400)</script>
+http://www.example.com/user_login.php?info=7&return=1>\"><ScRiPt+%0A%0D>alert(390214587228)%3B<%2FScRiPt>
+

platforms/php/webapps/34743.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43489/info
+
+Proxy List Script is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
+
+http://www.example.com/proxysite/index.php?act=whois&ip=1>"><ScRiPt %0A%0D>alert(319788800356)%3B</ScRiPt>

platforms/php/webapps/34744.txt

@@ -0,0 +1,9 @@
+source: www.securityfocus.com/bid/43490/info
+
+Ultra Classifieds is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Ultra Classifieds Pro is vulnerable; other versions may also be affected.
+
+http://www.example.com/ultraclassifieds/listads.php?c=69&cn=apartments&sn=1>"><ScRiPt %0A%0D>alert(317944247288)%3B</ScRiPt>

platforms/php/webapps/34745.txt

@@ -0,0 +1,9 @@
+source: www.securityfocus.com/bid/43490/info
+ 
+Ultra Classifieds is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+Ultra Classifieds Pro is vulnerable; other versions may also be affected.
+
+http://www.example.com/ultraclassifieds/subclass.php?c=18&cname=1<script>alert(308954043099)</script> 

platforms/php/webapps/34746.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/43494/info
+
+Web TV is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. 
+
+http://www.example.com/web_tv_v3/?chn=1<script>alert(308238444762)</script>