3289 matches found

Cvelist
added 2007/10/21 8:0 p.m. | 29 views

CVE-2007-5338

Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote attackers to execute arbitrary Javascript with user privileges by using the Script object to modify XPCNativeWrappers in a way that causes the script to be executed when a chrome action is performed...

AI score: 7 | EPSS: 0.03153
Exploits: 1 | References: 48
Prion
added 2007/10/11 10:17 a.m. | 33 views

Hardcoded credentials

Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet...

CVSS: 2.6 | AI score: 7.4 | EPSS: 0.01442
Exploits: 0 | References: 2
Prion
added 2007/09/24 12:17 a.m. | 17 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01065
Exploits: 0 | References: 5 | Affected Software: 1
Prion
added 2007/07/19 5:30 p.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.0125
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2007/07/19 5:30 p.m. | 16 views

CVE-2007-3910

Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs...

CVSS: 4.3 | AI score: 5.6 | EPSS: 0.0125
Exploits: 0 | References: 6
Cvelist
added 2007/07/19 5:0 p.m. | 24 views

CVE-2007-3910

Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs...

AI score: 5.5 | EPSS: 0.0125
Exploits: 0 | References: 6
Prion
added 2007/07/17 12:30 a.m. | 17 views

Design/Logic Flaw

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...

CVSS: 4 | AI score: 6.7 | EPSS: 0.05142
Exploits: 1 | References: 7 | Affected Software: 1
Cvelist
added 2007/07/17 12:0 a.m. | 18 views

CVE-2007-3017

The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...

AI score: 6.2 | EPSS: 0.05142
Exploits: 1 | References: 7
Japan Vulnerability Notes
added 2007/05/09 12:0 a.m. | 12 views

JVN#36628264 Lunascape RSS reader arbitrary script execution vulnerability

Impact Arbitrary JavaScript could be executed within Lunascape's RSS reader. Solution Products Affected Lunascape 4.1.3 build 2 and earlier...

AI score: 7.1
Exploits: 0
Prion
added 2007/04/18 3:19 a.m. | 12 views

Cross site scripting

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM...

CVSS: 6.8 | AI score: 7.4 | EPSS: 0.03175
Exploits: 0 | References: 9 | Affected Software: 1
NVD
added 2007/04/18 3:19 a.m. | 19 views

CVE-2007-2060

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.03175
Exploits: 0 | References: 9
Cvelist
added 2007/04/18 2:20 a.m. | 24 views

CVE-2007-2060

Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 extension to Mozilla Firefox allows remote attackers to execute arbitrary Javascript in the browser chrome via the RSS feed DOM...

AI score: 6.9 | EPSS: 0.03175
Exploits: 0 | References: 9
UbuntuCve
added 2007/03/06 12:19 a.m. | 33 views

CVE-2007-0994

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS: 6.8 | AI score: 6.2 | EPSS: 0.03209
Exploits: 1 | References: 1
Prion
added 2007/03/06 12:19 a.m. | 20 views

Design/Logic Flaw

A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI in an (1) img, (2) link, or (3) style tag, which...

CVSS: 6.8 | AI score: 7.2 | EPSS: 0.03209
Exploits: 1 | References: 23 | Affected Software: 3
CVE
added 2007/03/06 12:0 a.m. | 86 views

CVE-2007-0994

CVE-2007-0994 affects Mozilla Firefox 2.x before 2.0.0.2 and Firefox 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8. A regression in handling HTML mail with javascript: URIs in , (link), or tags could bypass access checks and allow remote JavaScript execution with chro...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.03209
Exploits: 1 | References: 23 | Affected Software: 2
NVD
added 2007/02/24 12:28 a.m. | 12 views

CVE-2006-7050

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links url parameter that are not properly handled in formatters/wakka.php, and possibly (2) other vectors in wikka.php...

CVSS: 6.8 | AI score: 6 | EPSS: 0.01401
Exploits: 0 | References: 7
Prion
added 2007/02/15 11:28 p.m. | 19 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.03005
Exploits: 0 | References: 12 | Affected Software: 1
Cvelist
added 2007/02/15 11:0 p.m. | 29 views

CVE-2007-0651

Multiple cross-site scripting (XSS) vulnerabilities in MailEnable Professional before 2.37 allow remote attackers to inject arbitrary Javascript script via (1) e-mail messages and (2) the ID parameter to (a) right.asp, (b) Forms/MAI/list.asp, and (c) Forms/VCF/list.asp in mewebmail/base/default/lang/EN/...

AI score: 5.9 | EPSS: 0.03005
Exploits: 0 | References: 12
NVD
added 2007/02/08 5:28 p.m. | 14 views

CVE-2006-6978

Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FCKEditor allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01062
Exploits: 1 | References: 3
NVD
added 2007/02/08 5:28 p.m. | 10 views

CVE-2006-6977

Cross-site scripting (XSS) vulnerability in the "Basic Toolbar Selection" in FreeTextBox allows remote attackers to execute arbitrary JavaScript via the javascript: URI in the (1) href or (2) onmouseover attribute of the A HTML tag...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01062
Exploits: 1 | References: 3