CVE-2008-7275

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 AgentTicketMailbox or 2 CustomerTicketOverView...

DEBIAN-CVE-2010-4524

Cross-site scripting XSS vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

CVE-2010-4536

Multiple cross-site scripting XSS vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the & ampersand character, 2 the case of an attribute name, 3 a padded entity, and 4 an entity that is not in...

CVE-2010-4348

CVE-2010-4348 affects MantisBT prior to 1.2.4. It is a cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php where an attacker can inject arbitrary web script or HTML via the db_type parameter, due to an unsafe call in the ADOdb PHP library. The issue enables remote attacker co...

DEBIAN-CVE-2010-4329

Cross-site scripting XSS vulnerability in the PMAlinkOrButton function in libraries/common.lib.php in the database db search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request...

Mozilla XSS in gopher parser when parsing hrefs

Multiple cross-site scripting XSS vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a 1 file or 2 directory on a Gopher server...

DEBIAN-CVE-2010-3070

Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...

CVE-2010-3070

Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...

CVE-2010-3263

Cross-site scripting XSS vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

DEBIAN-CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

PT-2010-3305 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.7f Description: The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to certain PHP files. The vulnerable parameters include hostname and description in host.php, as well...

No title provided

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...

No title provided

Cross-site scripting XSS vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...

DEBIAN-CVE-2010-2790

Multiple cross-site scripting XSS vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the 1 filterset, 2 showdetails, 3 filterrst, or 4 txtselect parameters to the...

PYSEC-2010-17

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/LikePages.py, 2 action/chart.py, and 3 action/userprofile.py, a similar issue to...

CVE-2009-4975

Technical details (affected products, root cause, exploitability or patch information) are not publicly available in the provided documents; monitor for updates.

DEBIAN-CVE-2010-2479

Cross-site scripting XSS vulnerability in HTML Purifier before 4.1.1, as used in Mahara and other products, when the browser is Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2010-2355

Cross-site scripting XSS vulnerability in error.php in Pilot Group PG eLMS Pro allows remote attackers to inject arbitrary web script or HTML via the message parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2010-2273

Multiple cross-site scripting XSS vulnerabilities in Dojo 1.0.x before 1.0.3, 1.1.x before 1.1.2, 1.2.x before 1.2.4, 1.3.x before 1.3.3, and 1.4.x before 1.4.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to...

DEBIAN-CVE-2010-2275

Cross-site scripting XSS vulnerability in dijit/tests/testCommon.js in Dojo Toolkit SDK before 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the theme parameter, as demonstrated by an attack against dijit/tests/form/testButton.html...