780 matches found
CVE-2007-3238
Cross-site scripting (XSS) vulnerability in functions.php in the default theme in WordPress 2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE: this might not...
Cross site scripting
CVE-2007-3238
CVE-2007-3238 is a cross-site scripting (XSS) vulnerability in the default WordPress theme’s functions.php on WordPress 2.2. It allows remote authenticated administrators to inject arbitrary script/HTML via PATH_INFO (REQUEST_URI) to wp-admin/themes.php. Some configurations may not elevate privil...
Cross site scripting
Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-3170
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php...
CVE-2007-3170
CVE-2007-3170 relates to multiple XSS vulnerabilities in UebiMiau Webmail. The affected component is the webmail PHP application, with two identified vectors: (1) PATH_INFO to redirect.php and (2) the selected_theme parameter to demo/pop3/error.php. The underlying issue is insufficient sanitizati...
Code injection
The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage allows remote attackers to determine the existence, and possibly partial contents, of arbitrary files under the web root via a relative pathname in the PATH_INFO...
Cross site scripting
Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2007-2991
In CVE-2007-2991, the vulnerability is a Cross‑Site Scripting (XSS) flaw in Evenzia CMS, specifically in includes/send.inc.php, exploitable via the PATH_INFO parameter. The documented impact is that remote attackers can inject arbitrary web script or HTML into the context of the affected application. ...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files...
CVE-2007-2914
CVE-2007-0246
plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 before 20070524, aka gforge-plugin-scmcvs, allows remote attackers to execute arbitrary commands via shell metacharacters in the PATH_INFO...
CVE-2007-2812
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter...