Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-5980

Cross-site scripting XSS vulnerability in home/rss.php in eggblog before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-5983

Cross-site scripting XSS vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-5589

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via certain input available in 1 PHPSELF in a serverstatus.php, and b grabglobals.lib.php, c displaychangepassword.lib.php, and d common.lib.php in...

CVE-2007-5383

The CVE-2007-5383 entry concerns Thomson/Alcatel SpeedTouch 7G routers (as used with BT Home Hub 6.2.6.B and earlier). The vulnerability allows remote attackers on an intranet to bypass authentication and gain administrative access by manipulating the PATH_INFO end character (notably a trailing s...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to the default URI associated with a directory, as demonstrated by a the root directory and b the...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with 1 the title parameter or 2 a "title=" sequence in the PATHINFO, or a request to the download module with 3 the cat...

CVE-2007-5052

Multiple cross-site scripting XSS vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with 1 the title parameter or 2 a "title=" sequence in the PATHINFO, or a request to the download module with 3 the cat...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via 1 the val parameter to alphabet.php in an alpha.albums action, or the PATHINFO to 2 random.php or 3 admin/hidden.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in InterWorx Hosting Control Panel InterWorx-CP Webmaster Level SiteWorx 3.0.2 1 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to index.php; and allow remote authenticated users to inject arbitrary web script or HT...

CVE-2007-4483

Cross-site scripting XSS vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the 1 Blix 0.9.1 and 2 Blix 0.9.1 Rus themes for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4480

Cross-site scripting XSS vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4480

CVE-2007-4480 affects the Sirius 1.0 WordPress theme. The vulnerability is a Cross-Site Scripting (XSS) in index.php via PATH_INFO (PHP_SELF), allowing remote attackers to inject arbitrary script/HTML. No exploitation details are provided; remediation is to update the theme (patch/version update ...

CVE-2007-4482

The CVE-2007-4482 entry describes a Cross-site scripting (XSS) vulnerability in the Pool theme for WordPress v1.0.7, exploitable via PATH_INFO (PHP_SELF) in index.php. The vulnerability could allow remote attackers to inject arbitrary web script or HTML. Affected component: Pool theme (WordPress)...

CVE-2007-4480

Cross-site scripting XSS vulnerability in index.php in the Sirius 1.0 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4482

Cross-site scripting XSS vulnerability in index.php in the Pool 1.0.7 theme for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...

CVE-2007-4483

Cross-site scripting XSS vulnerability in index.php in the WordPress Classic 1.5 theme in WordPress before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO PHPSELF...