Auditorías de Seguridad / Evaluación de vulnerabilidades de SecuritySpace

Categoría: CGI abuses : XSS

ID # Riesgo Título de la Prueba

1.3.6.1.4.1.25623.1.0.60165 Medio Wordpress Cross-Site Scripting in wp-admin/edit.php

1.3.6.1.4.1.25623.1.0.60164 Medio Wordpress Multiple Cross-Site Scripting Vulnerabilities(2)

1.3.6.1.4.1.25623.1.0.60121 Alto eggBlog <= 3.1.0 Multiple XSS vulnerabilities

1.3.6.1.4.1.25623.1.0.57990 Medio MyCalendar Multiple Cross-Site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.56995 Medio CMSimple Index.PHP Search Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56977 Medio Hosting Controller Error page XSS

1.3.6.1.4.1.25623.1.0.56969 Medio DokuWiki Mediamanager Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56903 Medio ArGoSoft Mail Server Pro Webmail Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56894 Medio vBulletin Image Upload HTML Injection Vulnerability

1.3.6.1.4.1.25623.1.0.56893 Medio VBulletin Event Title HTML Injection Vulnerability

1.3.6.1.4.1.25623.1.0.56892 Medio VBulletin Profile.PHP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56884 Medio vBulletin Showthread.PHP Input Validation

1.3.6.1.4.1.25623.1.0.56883 Medio VBulletin Profile.PHP Email Field HTML Injection

1.3.6.1.4.1.25623.1.0.56882 Medio vBulletin Vbugs.PHP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.56880 Medio RunCMS < 1.3b Bigshow.PHP Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56879 Medio RunCMS < 1.3b ratefile.php Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56872 Medio UBB.threads <= 6.5.3 Cross Site Scripting

1.3.6.1.4.1.25623.1.0.56844 Medio PHPsysInfo File Disclosure Vulnerabilities

1.3.6.1.4.1.25623.1.0.56843 Medio PHPsysInfo Multiple Vulnerabilities

1.3.6.1.4.1.25623.1.0.56757 Medio E107 Website Cross Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.56753 Medio CubeCart Arbitrary File Upload Vulnerability

1.3.6.1.4.1.25623.1.0.56752 Medio CubeCart Multiple XSS vulnerabilities(3)

1.3.6.1.4.1.25623.1.0.56751 Medio CubeCart Multiple XSS vulnerabilities(2)

1.3.6.1.4.1.25623.1.0.56749 Alto CuteNews Multiple Cross-Site Scripting Vulnerabilities(2)

1.3.6.1.4.1.25623.1.0.55471 Alto S9Y Serendipity Account Hijack Vulnerability

1.3.6.1.4.1.25623.1.0.55368 Alto CuteNews Multiple Cross-site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.55367 Medio CuteNews show_archives.php Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.55364 Medio CuteNews index.php Cross-Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.55337 Medio phpBB2 Plus 1.52 Multiple vulnerabilities

1.3.6.1.4.1.25623.1.0.55301 Medio Drupal Cross-Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.55296 Medio phpBB <= 2.0.16 Nested BBCode cross site scripting

1.3.6.1.4.1.25623.1.0.55264 Medio phpMyAdmin < 2.6.4-rc1 Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52756 Medio YaBB Remote UsersRecentPosts Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52746 Medio Wordpress Multiple Cross-Site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.52742 Alto Wordpress Multiple Cross-Site Scripting Vulnerabilities

1.3.6.1.4.1.25623.1.0.52735 Medio S9Y Serendipity Exit.PHP HTTP Response Splitting

1.3.6.1.4.1.25623.1.0.52727 Medio S9Y Serendipity Cross Site Scripting

1.3.6.1.4.1.25623.1.0.52117 Medio Koobi CMS Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52102 Medio Kayako ESupport Index.PHP Multiple XSS

1.3.6.1.4.1.25623.1.0.52079 Medio Coppermine Photo Gallery X-Forwarded-For HTML Injection

1.3.6.1.4.1.25623.1.0.52071 Alto Invision Power Board Insecure Permissions

1.3.6.1.4.1.25623.1.0.52067 Alto Invision Power Board Multiple Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52065 Alto Invision Power Board Pop Parameter Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52062 Alto Invision Power Board SSI.PHP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52061 Alto Invision Power Board Potential IP Address Spoofing

1.3.6.1.4.1.25623.1.0.52060 Alto Invision Power Board Index.php Query XSS

1.3.6.1.4.1.25623.1.0.52059 Medio Invision Power Board Referer Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52048 Medio Comersus Comersus_Search_Item.ASP Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52035 Alto ProfitCode PayProCart Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.52019 Medio Comersus Cart Username Field HTML Injection

1.3.6.1.4.1.25623.1.0.52009 Alto phpMyAdmin Convcharset Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.51976 Alto phpMyAdmin Multiple Remote Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.51971 Alto PBLang Multiple Cross-Site Scripting

1.3.6.1.4.1.25623.1.0.51970 Alto PaNews Cross-Site Scripting Vulnerability

1.3.6.1.4.1.25623.1.0.51958 Alto ArGoSoft Mail Server HTML Injection

1.3.6.1.4.1.25623.1.0.51953 Medio PHP-Fusion Setuser.PHP HTML Injection

1.3.6.1.4.1.25623.1.0.51952 Medio PHP-Fusion BBCode IMG Tag Script Injection

1.3.6.1.4.1.25623.1.0.51930 Alto SunShop Shopping cart cross site scripting

1.3.6.1.4.1.25623.1.0.51914 Medio Icecast Status Display XSS Vulnerability

1.3.6.1.4.1.25623.1.0.51848 Alto Geeklog 1.3.7 XSS vulnerabilities

1.3.6.1.4.1.25623.1.0.51847 Alto Geeklog 1.3.5 XSS and script injection attacks

1.3.6.1.4.1.25623.1.0.51780 Alto Siteman priviledge escalation vulnerability

1.3.6.1.4.1.25623.1.0.51773 Alto phpBB cross site scripting

1.3.6.1.4.1.25623.1.0.51769 Alto phpBB search author xss

1.3.6.1.4.1.25623.1.0.51762 Medio CubeCart Multiple XSS vulnerabilities

1.3.6.1.4.1.25623.1.0.51758 Medio BiTBOARD cross site scripting vulnerability

1.3.6.1.4.1.25623.1.0.51754 Alto Siteman Multiple XSS vulnerabilities

ID #	Riesgo	Título de la Prueba
1.3.6.1.4.1.25623.1.0.60165	Medio	Wordpress Cross-Site Scripting in wp-admin/edit.php
1.3.6.1.4.1.25623.1.0.60164	Medio	Wordpress Multiple Cross-Site Scripting Vulnerabilities(2)
1.3.6.1.4.1.25623.1.0.60121	Alto	eggBlog <= 3.1.0 Multiple XSS vulnerabilities
1.3.6.1.4.1.25623.1.0.57990	Medio	MyCalendar Multiple Cross-Site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.56995	Medio	CMSimple Index.PHP Search Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56977	Medio	Hosting Controller Error page XSS
1.3.6.1.4.1.25623.1.0.56969	Medio	DokuWiki Mediamanager Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56903	Medio	ArGoSoft Mail Server Pro Webmail Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56894	Medio	vBulletin Image Upload HTML Injection Vulnerability
1.3.6.1.4.1.25623.1.0.56893	Medio	VBulletin Event Title HTML Injection Vulnerability
1.3.6.1.4.1.25623.1.0.56892	Medio	VBulletin Profile.PHP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56884	Medio	vBulletin Showthread.PHP Input Validation
1.3.6.1.4.1.25623.1.0.56883	Medio	VBulletin Profile.PHP Email Field HTML Injection
1.3.6.1.4.1.25623.1.0.56882	Medio	vBulletin Vbugs.PHP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.56880	Medio	RunCMS < 1.3b Bigshow.PHP Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56879	Medio	RunCMS < 1.3b ratefile.php Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56872	Medio	UBB.threads <= 6.5.3 Cross Site Scripting
1.3.6.1.4.1.25623.1.0.56844	Medio	PHPsysInfo File Disclosure Vulnerabilities
1.3.6.1.4.1.25623.1.0.56843	Medio	PHPsysInfo Multiple Vulnerabilities
1.3.6.1.4.1.25623.1.0.56757	Medio	E107 Website Cross Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.56753	Medio	CubeCart Arbitrary File Upload Vulnerability
1.3.6.1.4.1.25623.1.0.56752	Medio	CubeCart Multiple XSS vulnerabilities(3)
1.3.6.1.4.1.25623.1.0.56751	Medio	CubeCart Multiple XSS vulnerabilities(2)
1.3.6.1.4.1.25623.1.0.56749	Alto	CuteNews Multiple Cross-Site Scripting Vulnerabilities(2)
1.3.6.1.4.1.25623.1.0.55471	Alto	S9Y Serendipity Account Hijack Vulnerability
1.3.6.1.4.1.25623.1.0.55368	Alto	CuteNews Multiple Cross-site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.55367	Medio	CuteNews show_archives.php Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.55364	Medio	CuteNews index.php Cross-Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.55337	Medio	phpBB2 Plus 1.52 Multiple vulnerabilities
1.3.6.1.4.1.25623.1.0.55301	Medio	Drupal Cross-Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.55296	Medio	phpBB <= 2.0.16 Nested BBCode cross site scripting
1.3.6.1.4.1.25623.1.0.55264	Medio	phpMyAdmin < 2.6.4-rc1 Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52756	Medio	YaBB Remote UsersRecentPosts Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52746	Medio	Wordpress Multiple Cross-Site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.52742	Alto	Wordpress Multiple Cross-Site Scripting Vulnerabilities
1.3.6.1.4.1.25623.1.0.52735	Medio	S9Y Serendipity Exit.PHP HTTP Response Splitting
1.3.6.1.4.1.25623.1.0.52727	Medio	S9Y Serendipity Cross Site Scripting
1.3.6.1.4.1.25623.1.0.52117	Medio	Koobi CMS Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52102	Medio	Kayako ESupport Index.PHP Multiple XSS
1.3.6.1.4.1.25623.1.0.52079	Medio	Coppermine Photo Gallery X-Forwarded-For HTML Injection
1.3.6.1.4.1.25623.1.0.52071	Alto	Invision Power Board Insecure Permissions
1.3.6.1.4.1.25623.1.0.52067	Alto	Invision Power Board Multiple Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52065	Alto	Invision Power Board Pop Parameter Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52062	Alto	Invision Power Board SSI.PHP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52061	Alto	Invision Power Board Potential IP Address Spoofing
1.3.6.1.4.1.25623.1.0.52060	Alto	Invision Power Board Index.php Query XSS
1.3.6.1.4.1.25623.1.0.52059	Medio	Invision Power Board Referer Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52048	Medio	Comersus Comersus_Search_Item.ASP Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52035	Alto	ProfitCode PayProCart Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.52019	Medio	Comersus Cart Username Field HTML Injection
1.3.6.1.4.1.25623.1.0.52009	Alto	phpMyAdmin Convcharset Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.51976	Alto	phpMyAdmin Multiple Remote Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.51971	Alto	PBLang Multiple Cross-Site Scripting
1.3.6.1.4.1.25623.1.0.51970	Alto	PaNews Cross-Site Scripting Vulnerability
1.3.6.1.4.1.25623.1.0.51958	Alto	ArGoSoft Mail Server HTML Injection
1.3.6.1.4.1.25623.1.0.51953	Medio	PHP-Fusion Setuser.PHP HTML Injection
1.3.6.1.4.1.25623.1.0.51952	Medio	PHP-Fusion BBCode IMG Tag Script Injection
1.3.6.1.4.1.25623.1.0.51930	Alto	SunShop Shopping cart cross site scripting
1.3.6.1.4.1.25623.1.0.51914	Medio	Icecast Status Display XSS Vulnerability
1.3.6.1.4.1.25623.1.0.51848	Alto	Geeklog 1.3.7 XSS vulnerabilities
1.3.6.1.4.1.25623.1.0.51847	Alto	Geeklog 1.3.5 XSS and script injection attacks
1.3.6.1.4.1.25623.1.0.51780	Alto	Siteman priviledge escalation vulnerability
1.3.6.1.4.1.25623.1.0.51773	Alto	phpBB cross site scripting
1.3.6.1.4.1.25623.1.0.51769	Alto	phpBB search author xss
1.3.6.1.4.1.25623.1.0.51762	Medio	CubeCart Multiple XSS vulnerabilities
1.3.6.1.4.1.25623.1.0.51758	Medio	BiTBOARD cross site scripting vulnerability
1.3.6.1.4.1.25623.1.0.51754	Alto	Siteman Multiple XSS vulnerabilities