2 results (0.001 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 4

Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SWsoft Plesk 8.0.1 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante parámetros no especificados en (1) get_password.php ó (2) login_up.php3. • https://www.exploit-db.com/exploits/29017 https://www.exploit-db.com/exploits/29018 http://marc.info/?l=bugtraq&m=116370467532206&w=2 http://securitytracker.com/id?1017236 http://www.majorsecurity.de/index_2.php?major_rls=major_rls34 http://www.securityfocus.com/bid/21067 https://exchange.xforce.ibmcloud.com/vulnerabilities/30320 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451. • https://www.exploit-db.com/exploits/24405 http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1022.html http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1031.html http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0554.html http://secunia.com/advisories/12368 http://securitytracker.com/id?1011042 http://www.osvdb.org/9149 http://www.securityfocus.com/bid/11024 https://exchange.xforce.ibmcloud.com/vulnerabilities/17085 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •