Cross site scripting

Cross-site scripting XSS vulnerability in webdesktop/app in the BlackBerry Web Desktop Manager component in Research In Motion RIM BlackBerry Enterprise Server BES software before 5.0.2 MR5 and 5.0.3 before MR1, and BlackBerry Enterprise Server Express software 5.0.1 and 5.0.2, allows remote...

CVE-2011-1662

Cross-site scripting XSS vulnerability in Translation Management module 6.x before 6.x-1.21 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-0641

Multiple cross-site scripting XSS vulnerabilities in wp-admin/admin.php in the StatPressCN plugin 1.9.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 what1, 2 what2, 3 what3, 4 what4, and 5 what5 parameters. NOTE: the provenance of this information is...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Seo Panel 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the 1 defaultnews or 2 sponsors cookies, which are not properly handled by a controllers/index.ctrl.php or b controllers/settings.ctrl.php...

CVE-2010-4114

Cross-site scripting XSS vulnerability in HP Discovery & Dependency Mapping Inventory DDMI 2.5x, 7.5x, and 7.6x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-4407

Multiple cross-site scripting XSS vulnerabilities in index.php in AlGuest 1.1c-patched allow remote attackers to inject arbitrary web script or HTML via the 1 nome nickname, 2 messaggio message, and 3 link homepage parameters...

FreeBSD Ports: mailman

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVE-2010-3427

Multiple cross-site scripting XSS vulnerabilities in Open Classifieds 1.7.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 desc, 2 price, 3 title, and 4 place parameters to index.php and the 5 subject parameter to contact.htm, related to content/contact.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Local Management Interface LMI on the IBM Proventia Network Mail Security System PNMSS appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via 1 the date1 parameter to pvmmessagestore.php, 2...

CVE-2010-2574

Cross-site scripting XSS vulnerability in manageprojcatadd.php in MantisBT 1.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the name parameter in an Add Category action...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/editors/text/editor-body.php in Orbis CMS 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the s parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in adminloginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request...

CVE-2010-2281

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the 1 title, 2 subTitle, and 3 author parameters in conjunction with a /admin/news/article/add...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Zikula Application Framework 1.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 func parameter to index.php, or the 2 lang parameter to index.php, which is not properly handled by ZLanguage.php...

CVE-2009-4677

CVE-2009-4677 is an XSS vulnerability in the search.php of phpFK PHP Forum ohne 7.0.4. The issue allows remote attackers to inject arbitrary web script or HTML via the search parameter. The provided documents confirm the affected product/version and the vulnerable parameter (search). No explicit ...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the Webee Comments comwebeecomment component 1.1.1, 1.2, and 2.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the 1 color, 2 img, or 3 url BBCode tags in unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in login.php in phpGroupWare 0.9.16.12, and possibly other versions before 0.9.16.014, allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter whose name begins with the "phpgw" sequence...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks...

CVE-2009-4047

Multiple cross-site scripting XSS vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to area.php; the 2 pagina, 3 sentido, 4 qregistros, and 5 orden parameters to area.php; 6 the qregistros parameter to solicdisplay.php; 7 the...