6892 matches found
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Agreement module 6.x before 6.x-1.2 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-4063
Cross-site scripting XSS vulnerability in the Subgroups for Organic Groups OG module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles...
CVE-2009-4064
Cross-site scripting XSS vulnerability in the Gallery Assist module 6.x before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via node titles...
CVE-2009-4065
Cross-site scripting XSS vulnerability in the settings page in the Strongarm module 6.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via the value field when viewing overridden variables...
CVE-2009-4052
Multiple cross-site scripting XSS vulnerabilities in the JSF Widget Library Runtime in IBM Rational Application Developer for WebSphere Software before 7.0.0.10 and Rational Software Architect before 7.0.0.10 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 th...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to area.php; the 2 pagina, 3 sentido, 4 qregistros, and 5 orden parameters to area.php; 6 the qregistros parameter to solicdisplay.php; 7 the...
CVE-2009-4038
Multiple cross-site scripting XSS vulnerabilities in NCH Software Axon Virtual PBX 2.10 and 2.11 allow remote attackers to inject arbitrary web script or HTML via the 1 onok or 2 oncancel parameter to the logon program. NOTE: the provenance of this information is unknown; the details are obtained...
CVE-2009-3891
Cross-site scripting XSS vulnerability in wp-admin/press-this.php in WordPress before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML via the s parameter aka the selection variable...
Cross site scripting
Cross-site scripting XSS vulnerability in Best Practical Solutions RT 3.6.x before 3.6.9, 3.8.x before 3.8.5, and other 3.4.6 through 3.8.4 versions allows remote attackers to inject arbitrary web script or HTML via certain Custom Fields...
CVE-2009-3618
Cross-site scripting XSS vulnerability in viewvc.py in ViewVC 1.0 before 1.0.9 and 1.1 before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the view parameter. NOTE: some of these details are obtained from third party information...
CVE-2009-3914
Cross-site scripting XSS vulnerability in the Temporary Invitation module 5.x before 5.x-2.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Name field in an invitation...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to 1 Wizardtracking.asp, 2 wizardoe2.asp, 3 your-register.asp, 4 main-whyregister.asp, and 5 your.asp in home/, and other unspecified vectors...
CVE-2009-3905
Multiple cross-site scripting XSS vulnerabilities in e-Courier CMS allow remote attackers to inject arbitrary web script or HTML via the UserGUID parameter to 1 Wizardtracking.asp, 2 wizardoe2.asp, 3 your-register.asp, 4 main-whyregister.asp, and 5 your.asp in home/, and other unspecified vectors...
CVE-2009-3300
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
CVE-2009-3300
Multiple cross-site scripting XSS vulnerabilities in the Identity Provider IdP 1.3.x before 1.3.4 and 2.x before 2.1.5, and the Service Provider 1.3.x before 1.3.5 and 2.x before 2.3, in Internet2 Middleware Initiative Shibboleth allow remote attackers to inject arbitrary web script or HTML via...
WordPress <= 2.8.5 - XSS
Because of this vulnerability in wp-admin/press-this.php, authenticated users can inject arbitrary web script or HTML via the "s" parameter. Solution Update WordPress...
Cross site scripting
Cross-site scripting XSS vulnerability in the t3libdiv::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing...
Cross site scripting
Cross-site scripting XSS vulnerability in the Frontend Login Box aka felogin subcomponent in TYPO3 4.2.0 through 4.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2009-3629
Multiple cross-site scripting XSS vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2009-3833
Cross-site scripting XSS vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter...