- Nikto --------------------------------------------------------------------------- + Multiple IPs found: 151.101.64.84, 151.101.0.84, 151.101.128.84, 151.101.192.84 + Target IP: 151.101.64.84 + Target Hostname: pinterest.com + Target Port: 80 + Start Time: 2024-10-28 06:24:34 (GMT-4) --------------------------------------------------------------------------- + Server: No banner retrieved + Root page / redirects to: https://pinterest.com/ + No CGI Directories found (use '-C all' to force check all possible dirs) + /: Retrieved via header: 1.1 varnish. + /: Retrieved x-served-by header: cache-lga21950-LGA. + /: Uncommon header 'x-served-by' found, with contents: cache-lga21950-LGA. + /themes/mambosimple.php?detection=detected&sitename=: Mambo PHP Portal/Server is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1204 + /index.php?option=search&searchword=: Mambo Site Server 4.0 build 10 is vulnerable to Cross Site Scripting (XSS). + /index.php?dir=: Auto Directory Index 1.2.3 and prior are vulnerable to XSS attacks. See: https://vulners.com/osvdb/OSVDB:2820 + /https-admserv/bin/index?/: Sun ONE Web Server 6.1 administration control is vulnerable to XSS attacks. + /clusterframe.jsp?cluster=: Macromedia JRun 4.x JMC Interface, clusterframe.jsp file is vulnerable to a XSS attack. See: OSVDB-2876 + /666%0a%0a666.jsp: Apache Tomcat 4.1 / Linux is vulnerable to Cross Site Scripting (XSS). + /servlet/MsgPage?action=test&msg=: NetDetector 3.0 and below are vulnerable to Cross Site Scripting (XSS). + /servlet/org.apache.catalina.ContainerServlet/: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. + /servlet/org.apache.catalina.Context/: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. + /servlet/org.apache.catalina.Globals/: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. + /servlet/org.apache.catalina.servlets.WebdavStatus/: Apache-Tomcat is vulnerable to Cross Site Scripting (XSS) by invoking java classes. + /servlets/MsgPage?action=badlogin&msg=: The NetDetector install is vulnerable to Cross Site Scripting (XSS) in its invalid login message. + /nosuchurl/>: JEUS is vulnerable to Cross Site Scripting (XSS) when requesting non-existing JSP pages. See: https://seclists.org/fulldisclosure/2003/Jun/494 + /webcalendar/week.php?eventinfo=: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3624 + /~/.aspx?aspxerrorpath=null: Cross site scripting (XSS) is allowed with .aspx file requests. See: http://www.cert.org/advisories/CA-2000-02.html + /~/.aspx: Cross site scripting (XSS) is allowed with .aspx file requests. See: http://www.cert.org/advisories/CA-2000-02.html + /~/.asp: Cross site scripting (XSS) is allowed with .asp file requests. See: http://www.cert.org/advisories/CA-2000-02.html + /user.php?op=userinfo&uname=: The PHP-Nuke installation is vulnerable to Cross Site Scripting (XSS). Update to versions above 5.3.1. + /templates/form_header.php?noticemsg=: MyMarket 1.71 is vulnerable to Cross Site Scripting (XSS). See: OSVDB-41361 + /supporter/index.php?t=updateticketlog&id=<script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931 + /supporter/index.php?t=tickettime&id=<script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931 + /supporter/index.php?t=ticketfiles&id=<script></script>: MyHelpdesk versions v20020509 and older are vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0931 + /sunshop.index.php?action=storenew&username=: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. + /submit.php?subject=&story=&storyext=&op=Preview: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524 + /ss000007.pl?PRODREF=: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732 + /setup.exe?&page=list_users&user=P: CiscoSecure ACS v3.0(1) Build 40 allows Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0938 + /servlet/ContentServer?pagename=: Open Market Inc. ContentServer is vulnerable to Cross Site Scripting (XSS) in the login-error page. See: OSVDB-2689 + /search.php?searchstring=: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.securityfocus.com/bid/8288. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0614 + /search.asp?term=<%00script>alert('Vulnerable'): ASP.Net 1.1 may allow Cross Site Scripting (XSS) in error pages (only some browsers will render this). + /samples/search.dll?query=&logic=AND: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). + /replymsg.php?send=1&destin=: This version of PHP-Nuke's replymsg.php is vulnerable to Cross Site Scripting (XSS). + /pm_buddy_list.asp?name=A&desc=B%22%3E%3Ca%20s=%22&code=1: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: OSVDB-4599 + /phptonuke.php?filnavn=: PHP-Nuke add-on PHPToNuke is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1995 + /phpinfo.php?VARIABLE=: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1287 + /phpinfo.php3?VARIABLE=: Contains PHP configuration information and is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1287 + /phpBB/viewtopic.php?topic_id=: phpBB is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0484 + /phorum/admin/header.php?GLOBALS[message]=: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). See: OSVDB-11145 + /phorum/admin/footer.php?GLOBALS[message]=: Phorum 3.3.2a and below from phorum.org is vulnerable to Cross Site Scripting (XSS). See: OSVDB-11144 + /Page/1,10966,,00.html?var=: Vignette server is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. + /netutils/whodata.stm?sitename=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: OSVDB-5106 + /nav/cList.php?root=: OpenBB 1.0.0 RC3 is vulnerable to Cross Site Scripting (XSS). + /modules/Submit/index.php?op=pre&title=: Basit cms 1.0 is vulnerable to Cross Site Scripting (XSS). See: OSVDB-50539 + /modules/Forums/bb_smilies.php?site_font=}-->: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). + /modules/Forums/bb_smilies.php?name=: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). + /modules/Forums/bb_smilies.php?Default_Theme=: PHP-Nuke 6.0 is vulnerable to Cross Site Scripting (XSS). + /modules.php?op=modload&name=Xforum&file=member&action=viewpro&member=: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). + /modules.php?op=modload&name=Xforum&file=&fid=2: The XForum (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). + /modules.php?op=modload&name=Wiki&file=index&pagename=: Wiki PostNuke Module is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1070 + /modules.php?op=modload&name=Web_Links&file=index&l_op=viewlink&cid=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + /modules.php?op=modload&name=WebChat&file=index&roomid=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + /modules.php?op=modload&name=Members_List&file=index&letter=: This install of PHP-Nuke's modules.php is vulnerable to Cross Site Scripting (XSS). + /modules.php?op=modload&name=Guestbook&file=index&entry=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + /modules.php?op=modload&name=DMOZGateway&file=index&topic=: The DMOZGateway (PHP-Nuke Add-on module) is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1523 + /modules.php?name=Your_Account&op=userinfo&username=bla: Francisco Burzi PHP-Nuke 5.6, 6.0, 6.5 RC1/RC2/RC3, 6.5 is vulnerable to Cross Site Scripting (XSS). + /modules.php?name=Your_Account&op=userinfo&uname=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + /modules.php?name=Surveys&pollID=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + /modules.php?name=Stories_Archive&sa=show_month&year=&month=3&month_l=test: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2020 + /modules.php?name=Stories_Archive&sa=show_month&year=2002&month=03&month_l=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2020 + /modules.php?name=Downloads&d_op=viewdownloaddetails&lid=02&ttitle=: This install of PHP-Nuke is vulnerable to Cross Site Scripting (XSS). See: OSVDB-5914 + /modules.php?name=Classifieds&op=ViewAds&id_subcatg=75&id_catg=: The PHP-Nuke forum is vulnerable to Cross Site Scripting (XSS). + /members.asp?SF=%22;}alert(223344);function%20x()\{v%20=%22: Web Wiz Forums ver. 7.01 and below is vulnerable to Cross Site Scripting (XSS). See: OSVDB-4598 + /megabook/admin.cgi?login=: Megabook guestbook is vulnerable to Cross Site Scripting (XSS). See: OSVDB-3201 + /mailman/listinfo/: Mailman is vulnerable to Cross Site Scripting (XSS). Upgrade to version 2.0.8 to fix. + /launch.jsp?NFuse_Application=: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504 + /launch.asp?NFuse_Application=: NFuse is vulnerable to cross site scripting (XSS) in the GetLastError function. Upgrade to the latest version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0504 + /isapi/testisa.dll?check1=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: OSVDB-5803 + /index.php?action=storenew&username=: SunShop is vulnerable to Cross Site Scripting (XSS) in the signup page. + /index.php/content/search/?SectionID=3&SearchText=: eZ publish v3 and prior allow Cross Site Scripting (XSS). + /index.php/content/advancedsearch/?SearchText=&PhraseSearchText=&SearchContentClassID=-1&SearchSectionID=-1&SearchDate=-1&SearchButton=Search: eZ publish v3 and prior allow Cross Site Scripting (XSS). + /html/partner.php?mainfile=anything&Default_Theme=': myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). + /html/chatheader.php?mainfile=anything&Default_Theme=': myphpnuke version 1.8.8_final_7 is vulnerable to Cross Site Scripting (XSS). + /html/cgi-bin/cgicso?query=: This CGI is vulnerable to Cross Site Scripting (XSS). + /gallery/search.php?searchstring=: Gallery 1.3.4 and below is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. http://www.securityfocus.com/bid/8288. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0614 + /friend.php?op=SiteSent&fname=: This version of PHP-Nuke's friend.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1524 + /forums/index.php?board=;action=login2&user=USERNAME&cookielength=120&passwrd=PASSWORD: YaBB is vulnerable to Cross Site Scripting (XSS) in the password field of the login page. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6133,http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1845 + /error/500error.jsp?et=1;: Macromedia Sitespring 1.2.0(277.1) on Windows 2000 is vulnerable to Cross Site Scripting (XSS) in the error pages. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1027 + /download.php?sortby=&dcategory=: This version of PHP-Nuke's download.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. + /comments.php?subject=&comment=&pid=0&sid=0&mode=&order=&thold=op=Preview: This version of PHP-Nuke's comments.php is vulnerable to Cross Site Scripting (XSS). Upgrade to the latest version. + /cleartrust/ct_logon.asp?CTLoginErrorMsg=: RSA ClearTrust allows Cross Site Scripting (XSS). See: OSVDB-50619 + /cgi-local/cgiemail-1.6/cgicso?query=: This CGI is vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/osvdb/OSVDB:651 + /cgi-local/cgiemail-1.4/cgicso?query=: This CGI is vulnerable to Cross Site Scripting (XSS). See: https://vulners.com/osvdb/OSVDB:651 + /calendar.php?year=&month=03&day=05: DCP-Portal v5.3.1 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1536 + /bb000001.pl: Actinic E-Commerce services is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1732 + /article.cfm?id=1': With malformed URLs, ColdFusion is vulnerable to Cross Site Scripting (XSS). + /apps/web/vs_diag.cgi?server=: Zeus 4.2r2 (webadmin-4.2r2) is vulnerable to Cross Site Scripting (XSS). See: https://www.mail-archive.com/bugtraq@securityfocus.com/msg11627.html + /addressbook/index.php?surname=: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0504 + /addressbook/index.php?name=: Phpgroupware 0.9.14.003 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0504 + /add.php3?url=ja&adurl=javascript:: Admanager 1.1 is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/vuln-dev/2002/Apr/270 + /a?: Server is vulnerable to Cross Site Scripting (XSS) in the error message if code is passed in the query-string. This may be a Null HTTPd server. + /a.jsp/: JServ is vulnerable to Cross Site Scripting (XSS) when a non-existent JSP file is requested. Upgrade to the latest version of JServ. + /?mod=&op=browse: Sage 1.0b3 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1243 + /.thtml: Server is vulnerable to Cross Site Scripting (XSS). + /.shtml: Server is vulnerable to Cross Site Scripting (XSS). + /.jsp: Server is vulnerable to Cross Site Scripting (XSS). + /.aspx: Cross site scripting (XSS) is allowed with .aspx file requests (may be Microsoft .net). + /: Server is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0681 + /affich.php?image=: GPhotos index.php rep Variable XSS. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397 + /diapo.php?rep=: GPhotos index.php rep Variable XSS. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397 + /index.php?rep=: GPhotos index.php rep Variable XSS. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2397 + /fcgi-bin/echo?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: OSVDB-700 + /fcgi-bin/echo2?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: OSVDB-3954 + /fcgi-bin/echo.exe?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: OSVDB-700 + /fcgi-bin/echo2.exe?foo=: Fast-CGI has two default CGI programs (echo.exe/echo2.exe) vulnerable to Cross Site Scripting (XSS). See: OSVDB-3954 + /apps/web/index.fcgi?servers=§ion=: Zeus Admin server 4.1r2 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1785 + /shopping/shopdisplayproducts.asp?id=1&cat=: VP-ASP prior to 4.50 are vulnerable to XSS attacks. See: https://seclists.org/bugtraq/2004/Jun/210 + /shopdisplayproducts.asp?id=1&cat=: VP-ASP Shopping Cart 4.x shopdisplayproducts.asp XSS. See: https://seclists.org/bugtraq/2004/Jun/210 + /showmail.pl?Folder=: @Mail WebMail 3.52 contains an XSS in the showmail.pl file. See: OSVDB-2950 + /firewall/policy/dlg?q=-1&fzone=t>&tzone=dmz: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: https://securitytracker.com/id/1008158 + /firewall/policy/policy?fzone=internal&tzone=dmz1: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: https://securitytracker.com/id/1008158 + /antispam/listdel?file=blacklist&name=b&startline=0: Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3295 + /antispam/listdel?file=whitelist&name=a&startline=0(naturally): Fortigate firewall 2.50 and prior contains several XSS vulnerabilities in various administrative pages. See: OSVDB-3295 + /examplesWebApp/InteractiveQuery.jsp?person=: BEA WebLogic 8.1 and below are vulnerable to Cross Site Scripting (XSS) in example code. See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0624 + /sgdynamo.exe?HTNAME=: Ecometry's SGDynamo is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0375 + /docs/: Nokia Electronic Documentation is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0801 + /aktivate/cgi-bin/catgy.cgi?key=0&cartname=axa200135022551089&desc=: Aktivate Shopping Cart 1.03 and lower are vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1212 + /webcalendar/colors.php?color=: Webcalendar 0.9.42 and below are vulnerable to Cross Site Scripting (XSS). See: OSVDB-3632 + /debug/dbg?host==: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + /debug/echo?name=: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + /debug/errorInfo?title===: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + /debug/showproc?proc===: The TCLHttpd 3.4.2 server is vulnerable to Cross Site Scripting (XSS) in debug scripts. See: OSVDB-3762 + /help.php?chapter=: Squirrel Mail 1.2.7 is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1131 + /wwwping/index.stm?wwwsite=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/create.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/edit.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/ftp.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/htaccess.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/iecreate.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/ieedit.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/info.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/mkdir.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/rename.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/search.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/sendmail.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/template.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/update.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/vccheckin.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/vccreate.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/vchist.stm?path=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/edit.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/ieedit.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/info.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/rename.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/sendmail.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/update.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/vccheckin.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/vccreate.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/vchist.stm?name=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /syshelp/stmex.stm?foo=123&bar=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /syshelp/stmex.stm?foo=&bar=456: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /syshelp/cscript/showfunc.stm?func=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /syshelp/cscript/showfncs.stm?pkg=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /syshelp/cscript/showfnc.stm?pkg=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /netutils/ipdata.stm?ipaddr=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /netutils/findata.stm?host=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /netutils/findata.stm?user=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /sysuser/docmgr/search.stm?query=: Sambar Server default script is vulnerable to Cross Site Scripting (XSS). See: https://seclists.org/fulldisclosure/2003/Mar/265 + /webtools/bonsai/cvsqueryform.cgi?cvsroot=/cvsroot&module=&branch=HEAD: Bonsai is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154 + /webtools/bonsai/cvsquery.cgi?branch=&file=&date=: Bonsai is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154 + /webtools/bonsai/cvsquery.cgi?module=&branch=&dir=&file=&who=&sortby=Date&hours=2&date=week: Bonsai is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154 + /webtools/bonsai/cvslog.cgi?file=*&rev=&root=: Bonsai is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0153 + /webtools/bonsai/cvslog.cgi?file=: Bonsai is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0153 + /webtools/bonsai/cvsblame.cgi?file=: Bonsai is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154 + /webtools/bonsai/showcheckins.cgi?person=: Bonsai is vulnerable to Cross Site Scripting (XSS). See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0154 + /9HLSwQq3jazvCpcAWl1dXPEIC6vBCPcALZ4oas80i1fh04zhubmSFu9QcQXiELdPSURNyup9RuoXJGItRLA9B6fZNIiSrKS4DvnSV2hnOeaLea5i8KWaxWTe8WmN7hm4VuSmYW5itgOWkSutnUa1JYmD12jZjcuDCrvarO0GV3xHXJcELle06wIn5zeHpGYwuUVejVz27i0yWEvqEbVSMZHfCASWTQo