CVE-2007-5051

Multiple cross-site scripting XSS vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 boxwidth, 2 PEDIGREEGENERATIONS, and 3 rootid parameters in ancestry.php, and the 4 newpid parameter in timeline.php. NOTE: the provenance of this...

CVE-2007-4465

Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...

CVE-2007-4465

Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...

DEBIAN-CVE-2007-4306

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the 1 unlimnumrows, 2 sqlquery, or 3 pos parameter to a tblexport.php; the 4 sessionmaxrows or 5 pos parameter to b sql.php; the 6 username parameter to c...

CVE-2007-4245

DiMeMa CONTENTdm (CDM) 4.2 is affected by an XSS in Search.php, allowing remote attackers to inject arbitrary scripts via a search, likely tied to the CISOBOX1 parameter in results.php. The vulnerability concerns the search functionality within CDM and is documented across multiple sources as a C...

CVE-2007-4088

Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 f, 3 quote, and 4 act parameters to cp.php; the 5 u parameter to user.php; the 6 f parameter to post.php; the 7 s parameter to topic.php; the 8 quot...

EUVD-2007-3174

Multiple cross-site scripting XSS vulnerabilities in Calendarix 0.7.20070307, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 year and 2 month parameters to calendar.php, and the 3 leftfooter parameter to calfooter.inc.php. NOTE: the ycyear...

tomcat accept-language xss flaw

Cross-site scripting XSS vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

tomcat XSS in example webapps

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...

DEBIAN-CVE-2007-2739

Cross-site scripting XSS vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-2627

Cross-site scripting XSS vulnerability in sidebar.php in WordPress, when custom 404 pages that call getsidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string PHPSELF, a different vulnerability than CVE-2007-1622...

CVE-2007-2524

Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...

CVE-2007-1969

Cross-site scripting XSS vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2007-1894

Cross-site scripting XSS vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wptitle function...

Cross site scripting

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

CVE-2007-1175

Cross-site scripting XSS vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-1055

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177...

CVE-2007-1054

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...

CVE-2007-0204

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

DEBIAN-CVE-2007-0204

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...