CVE-2009-2219

Multiple cross-site scripting XSS vulnerabilities in phpCollegeExchange 0.1.5c allow remote attackers to inject arbitrary web script or HTML via the 1 SESSIONhandle parameter to a home.php, b books/allbooks.php, or c books/home.php; or the 2 home parameter to d ihead.php or e inav.php, or f...

CVE-2009-2170

Multiple cross-site scripting XSS vulnerabilities in Mahara 1.0 before 1.0.12 and 1.1 before 1.1.5 allow remote attackers to inject arbitrary web script or HTML via unknown vectors...

CVE-2009-2149

Multiple cross-site scripting XSS vulnerabilities in Campus Virtual-LMS allow remote attackers to inject arbitrary web script or HTML via the 1 courseid parameter to enrolments/step1.php, or the 2 search or 3 siteid parameter to files/sharedlist.php...

CVE-2009-1702

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects...

CVE-2009-0239

Cross-site scripting XSS vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Sear...

CVE-2009-1482

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an AttachFile sub-action in the errormsg function or 2 multiple vectors related to package file errors in the uploadform...

CVE-2008-6733

Cross-site scripting XSS vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter...

php: XSS via PHP error messages

Cross-site scripting XSS vulnerability in PHP, possibly 5.2.7 and earlier, when displayerrors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208...

CVE-2009-0796

Cross-site scripting XSS vulnerability in Status.pm in Apache::Status and Apache2::Status in modperl1 and modperl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

CVE-2009-0934

Cross-site scripting XSS vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs...

CVE-2009-0260

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...

CVE-2009-0245

Cross-site scripting XSS vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629...

PHPAds 2.0 Multiple Remote Vulnerabilities

No description provided by source. Vendor: http://blondish.net Versions: PHPAds 2.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=8 ---- First, we need to acquire administrative access. We point our browser at...

PT-2008-6645 · Projectpier · Projectpier

Name of the Vulnerable Software and Affected Versions: ProjectPier versions 0.8 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via various means, including a message, a milestone, or a display name in a profile, or the a or c parameter to...

PT-2008-6516 · Mvnforum · Mvnforum

Name of the Vulnerable Software and Affected Versions: mvnForum versions prior to 1.2.1 GA Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters in the listonlineusers component. Recommendations: For...

DEBIAN-CVE-2008-4775

Cross-site scripting XSS vulnerability in pmdpdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when registerglobals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and...

Flash Player XSS

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

Flash Player HTML injection flaw

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...

CVE-2008-4535

Cross-site scripting XSS vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 BetaRC 2.2.0-beta and earlier, and EC-CUBE Community Edition Nighly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than...

DEBIAN-CVE-2008-4408

Cross-site scripting XSS vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component...