6892 matches found
CVE-2010-2514
Cross-site scripting XSS vulnerability in the JFaq comjfaq component 1.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the question parameter in an add2 action to index.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the 1 keyword parameter to category.php and the 2 password parameter to memberlogin.php...
CVE-2010-2509
The CVE-2010-2509 entries describe cross-site scripting vulnerabilities in 2daybiz Web Template Software. The affected components are the category.php file (parameter: keyword) and memberlogin.php (parameter: password). The underlying issue is improper handling of user-supplied input leading to s...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via 1 redirects, aka SPL-31067; 2 unspecified "user-user or user-admin" vectors, aka SPL-31084; or 3 unspecified "user input," aka...
CVE-2009-4908
Multiple cross-site scripting XSS vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the 1 commentName, 2 commentEmail, 3 commentWeb, or 4 commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the 1 commentName, 2 commentEmail, 3 commentWeb, or 4 commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or...
CVE-2009-4908
Multiple cross-site scripting XSS vulnerabilities in oBlog allow remote attackers to inject arbitrary web script or HTML via the 1 commentName, 2 commentEmail, 3 commentWeb, or 4 commentText parameter to article.php; and allow remote authenticated administrators to inject arbitrary web script or...
CVE-2010-2422
Cross-site scripting XSS vulnerability in PortalTransforms in Plone 2.1 through 3.3.4 before hotfix 20100612 allows remote attackers to inject arbitrary web script or HTML via the safehtml transform...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in content/internalError.jsp in IBM WebSphere ILOG JRules 6.7 allow remote attackers to inject arbitrary web script or HTML via an RTS URL to 1 explore/explore.jsp, 2 compose/compose.jsp, or 3 home.jsp in faces/...
Cross site scripting
Cross-site scripting XSS vulnerability in error.php in Pilot Group PG eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting XSS vulnerability in the FileField module 5.x before 5.x-2.5 and 6.x before 6.x-3.4 for Drupal allows remote authenticated users, with create or edit permissions and 'Path to File' or 'URL to File' display enabled, to inject arbitrary web script or HTML via the file name...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in odCMS 1.06, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the Page parameter to 1 main/index.php, 2 members/index.php, 3 forum/index.php, 4 docs/index.php, and 5 announcements/index.php...
Cross site scripting
Cross-site scripting XSS vulnerability in the WEBrick HTTP server in Ruby in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, allows remote attackers to inject arbitrary web script or HTML via a crafted URI that triggers a UTF-7 error page...
Cross site scripting
Cross-site scripting XSS vulnerability in Help Viewer in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted help: URL, related to "URL parameters in HTML content."...
Cross site scripting
Cross-site scripting XSS vulnerability in cmsdata.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2010-2318
Cross-site scripting XSS vulnerability in cmsdata.php in PHPCityPortal 1.3 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing...
CVE-2010-2179
Cross-site scripting XSS vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when Firefox or Chrome is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to URL parsing...
CVE-2010-2273
Multiple cross-site scripting XSS vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to...
CVE-2010-2281
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...