CVE-2011-1689

Multiple cross-site scripting XSS vulnerabilities in Best Practical Solutions RT 2.0.0 through 3.6.10, 3.8.0 through 3.8.9, and 4.0.0rc through 4.0.0rc7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

DEBIAN-CVE-2011-1716

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

PYSEC-2011-18

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas...

PYSEC-2011-20

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...

CVE-2011-1668

Cross-site scripting XSS vulnerability in search.php in AR Web Content Manager AWCM 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter...

CVE-2011-1668

Cross-site scripting XSS vulnerability in search.php in AR Web Content Manager AWCM 2.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the search parameter...

CVE-2011-0700

Multiple cross-site scripting XSS vulnerabilities in WordPress before 3.0.5 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to 1 the Quick/Bulk Edit title aka post title or posttitle, 2 poststatus, 3 commentstatus, 4 pingstatus, and 5 escaping of tags...

DEBIAN-CVE-2010-3906

Cross-site scripting XSS vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the 1 f and 2 fp parameters...

Cross site scripting

Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying ...

Cross site scripting

Cross-site scripting XSS vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the VIEWSTATE parameter. NOTE: some of these details are obtained from third party information...

MODx Revolution CMS Cross Site Scripting

getObject'modUser',array 30: 'username' = $POST'username', 31: ; ... 71: else if !empty$POST'forgotlogin' 72: $c = $modx-newQuery'modUser'; 73: $c-selectarray'modUser.','Profile.email','Profile.fullname'; 74: $c-innerJoin'modUserProfile','Profile'; 75: $c-wherearray 76: '...

CVE-2010-4329

Cross-site scripting XSS vulnerability in the PMAlinkOrButton function in libraries/common.lib.php in the database db search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request...

Cross site scripting

Cross-site scripting XSS vulnerability in the Flash component infrastructure in YUI 2.4.0 through 2.8.1, as used in Bugzilla, Moodle, and other products, allows remote attackers to inject arbitrary web script or HTML via vectors related to charts/assets/charts.swf...

CVE-2010-3056

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.11.x before 2.11.10.1 and 3.x before 3.3.5.1 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 dbsearch.php, 2 dbsql.php, 3 dbstructure.php, 4 js/messages.php, 5 libraries/common.lib.php, 6...

DEBIAN-CVE-2010-2544

Cross-site scripting XSS vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...

PT-2010-4096 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.7g Description: The issue allows remote attackers to inject arbitrary web script or HTML via the name element in an XML template to templates import.php. Additionally, remote authenticated administrators can inject...

httpd: mod_proxy_ftp globbing XSS

A flaw was found in the modproxyftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. CVE-2008-2939...

apache mod_status cross-site scripting

Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-4975

Cross-site scripting XSS vulnerability in webview.cpp in QtDemoBrowser allows remote attackers to inject arbitrary web script or HTML via a URL associated with a nonexistent domain name, related to a "universal XSS" issue, a similar vulnerability to CVE-2010-2536...

tomcat: missing fix for CVE-2009-0781

Cross-site scripting XSS vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat on Red Hat Enterprise Linux 5, Desktop Workstation 5, and Linux Desktop 5 allows remote attackers to inject arbitrary web script or HTML via the time parameter,...