6892 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Accoria Web Server aka Rock Web Server 1.4.7 allow remote attackers to inject arbitrary web script or HTML via 1 the query string to the getenv sample program, 2 the desc parameter to loadstatic.cgi, 3 the name parameter to httpdcfg.cgi, or 4 t...
CVE-2010-2265
Cross-site scripting XSS vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE:...
Cross site scripting
Cross-site scripting XSS vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 Build 14599 and 6.5R2 Build 14951 allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie...
Cross site scripting
Cross-site scripting XSS vulnerability in the Ping tools web interface in Dlink Di-604 router allows remote attackers to inject arbitrary web script or HTML via the IP field...
CVE-2010-2290
Cross-site scripting XSS vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management UTM Firewall formerly SnapGear firmware 3.0.0 through 4.0.6 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2010-2277
Multiple cross-site scripting XSS vulnerabilities in IBM Lotus Connections 2.5.x before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via the 1 create or 2 edit form in the Communities component, the 3 verbiage field in the Bookmarks component, or 4 unspecified vectors...
CVE-2010-2265
CVE-2010-2265 is an XSS in the GetServerName function of sysinfo/commonFunc.js within Windows Help and Support Center on Windows XP and Windows Server 2003, exploitable via svr in sysinfo/sysinfomain.htm. It is paired with CVE-2010-1885, which covers HCP URL handling and can enable command execut...
CVE-2010-0544
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to inject arbitrary web script or HTML via vectors related to a malformed URL...
CVE-2010-1389
Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a 1 paste or 2 drag-and-drop operation for a...
CVE-2010-1394
Removed by vendor...
Cross site scripting
Cross-site scripting XSS vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the 1 pseudo, 2 email, 3 ti, and 4 txt parameters...
CVE-2010-2256
Multiple cross-site scripting XSS vulnerabilities in Pay Per Minute Video Chat Script 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter to admin/memberviewdetails.php and the 2 model parameter to videos.php...
Cross site scripting
Cross-site scripting XSS vulnerability in signupconfirm.php in phpBannerExchange 1.2 Arabic allows remote attackers to inject arbitrary web script or HTML via the bannerurl parameter...
CVE-2010-1257
Cross-site scripting XSS vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2; Office SharePoint Server 2007 SP1 and SP2; SharePoint Services 3.0 SP1 and SP2; and Internet Explorer 8 allows remote attackers to inject arbitrary web script or...
CVE-2010-2158
Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the 1 fullname, 2 phone, or 3 im parameter in a stormperson action to index.php...
Cross site scripting
Cross-site scripting XSS vulnerability Fujitsu e-Pares V01 L01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-2147
Cross-site scripting XSS vulnerability in the My Car commycar component 1.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the modveh parameter to index.php...