CVE-2010-2543
Cross-site scripting (XSS) vulnerability in include/topgraphheader.php in Cacti before 0.8.7g allows remote attackers to inject arbitrary web script or HTML via the graphstart parameter to graph.php. NOTE: this vulnerability exists because of an incorrect fix for CVE-2009-4032.2.b...
CVE-2010-2544
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...
Sun Java Runtime Environment Abstract Windowing Toolkit Memory Corruption (CVE-2008-5359)
There exists a buffer overflow vulnerability in Sun Java Runtime Environment (JRE). The vulnerability is caused by improper checking of parameters passed to natively implemented class methods. A remote attacker may leverage this vulnerability to inject and execute arbitrary code on the target...
CVE-2010-2273
Summary: CVE-2010-2273 describes multiple cross-site scripting vulnerabilities in Dojo across several major 1.0.x–1.4.x branches. The flaws allow remote attackers to inject arbitrary script or HTML via unspecified vectors, with potential references to files such as dojo/resources/iframe_history.h...
CVE-2010-1389
CVE-2010-1389 describes a cross-site scripting (XSS) vulnerability in WebKit used by Apple Safari on Windows and macOS. It allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a (1) paste or (2) drag‑and‑drop operation for a selection. Affected versio...
CVE-2010-2144
CVE-2010-2144 describes a cross-site scripting (XSS) vulnerability in SignInForm.php of the Zeeways eBay Clone Auction Script, exploitable by remote attackers via the msg parameter. Affected component: signinform.php; vulnerability arises from improper handling of user-supplied input leading to s...
CVE-2010-2040
Cross-site scripting (XSS) vulnerability in search.php in V-EVA Shopzilla Affiliate Script PHP allows remote attackers to inject arbitrary web script or HTML via the s parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in G5-Scripts Auto-Img-Gallery 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user and (2) pass parameters...
CVE-2010-1711
CVE-2010-1711 concerns the Siestta 2.0 web app. The vulnerability is an XSS in carga_foto_al.php, exploitable when register_globals is enabled, allowing an attacker to inject arbitrary script via the usuario parameter. Reported impact aligns with partial integrity impact and no confidentiality/av...
CVE-2009-4786
Multiple cross-site scripting (XSS) vulnerabilities in Pligg before 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to (1) admin/adminconfig.php, (2) admin/adminmodules.php, (3) delete.php, (4) editlink.php, (5) submit.php, (6) submitgroups.php, (7)...
CVE-2009-4692
CVE-2009-4692 describes a Cross-site Scripting (XSS) vulnerability in RadScripts RadLance Gold 7.5, specifically in index.php where the pr parameter in a ulist action can be exploited to inject arbitrary script or HTML. The vulnerability is tied to a flaw in how user-supplied data is handled in t...
CVE-2004-2765
CVE-2004-2765 is an XSS vulnerability in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 prior to 5.2hf2.02. The issue occurs in Webmail when using Internet Explorer, where a crafted e-mail message can cause arbitrary web script/HTML to be injected. Connected sources (Red Hat and NV...
CVE-2009-4497
Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 and 0.9.6 allows remote attackers to inject arbitrary web script or HTML via the i parameter to the ident program...
CVE-2009-4590
CVE-2009-4590 refers to a Cross-site scripting (XSS) flaw in Basic Analysis and Security Engine (BASE) before version 1.4.4, exploitable via base_local_rules.php with unspecified vectors. Affected product is BASE; root cause involves inadequate input handling in BASE prior to 1.4.4, resulting in ...
CVE-2009-4523
CVE-2009-4523 is an XSS vulnerability in Zainu 1.0. The issue resides in index.php, vulnerable via the searchSongKeyword parameter in a SearchSong action, allowing remote injection of arbitrary script/HTML. The NVD entry assigns a CVSSv2 base score of 4.3 (medium) with network attack vector, requ...
CVE-2009-4391
CVE-2009-4391 is a cross-site scripting (XSS) vulnerability in TYPO3’s File list (dr_blob) extension 2.1.1. It allows remote attackers to inject arbitrary script or HTML via unspecified vectors. The connected documents consistently identify the affected component as TYPO3 with the dr_blob extensi...
CVE-2009-4369
CVE-2009-4369 describes a Cross-site scripting (XSS) vulnerability in Drupal Core’s Contact module (modules/contact/contact.admin.inc or modules/contact/contact.module). Affects Drupal Core 5.x before 5.21 and 6.x before 6.15. The issue allows remote authenticated users with the permission to “ad...
CVE-2009-4317
CVE-2009-4317 describes a Cross-site scripting (XSS) vulnerability in index.php of ScriptsEz Ez Cart. The issue allows remote attackers to inject arbitrary web script or HTML via the sid parameter in a showcat action, potentially affecting user sessions and page content. The NVD entry records a C...
CVE-2009-4237
TestLink (before version 1.8.5) is affected by multiple XSS and SQL injection vulnerabilities. The XSS flaws affect inputs across several scripts (e.g., login.php req parameter; lib/general/staticPage.php key; lib/attachments/attachmentupload.php tableName; lib/events/eventviewer.php startDate, e...
CVE-2009-3950
Bractus SunTrack is affected by CVE-2009-3950, which has multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML through input fields across several pages: the title parameter in newprofile.html; the firstname, lastname, and company parameters in sig...