Cross site scripting

Cross-site scripting XSS vulnerability in the search feature in Campsite 3.4.0 allows remote attackers to inject arbitrary web script or HTML via the fsearchkeywords parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2011-4064

Cross-site scripting XSS vulnerability in the setup interface in phpMyAdmin 3.4.x before 3.4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value...

UBUNTU-CVE-2011-3243

Cross-site scripting XSS vulnerability in WebKit, as used in Apple iOS before 5 and Safari before 5.1.1, allows remote attackers to inject arbitrary web script or HTML via vectors involving inactive DOM windows...

CVE-2010-4949

Cross-site scripting XSS vulnerability in the 1 FreiChat component before 2.1.2 for Joomla! and the 2 FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window...

PT-2011-4741 · Unknown · Black-Letterhead

Name of the Vulnerable Software and Affected Versions: Black-LetterHead theme version 1.5 and earlier Description: A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the PATH INFO to index.php. Recommendations: F...

PT-2011-4740 · Erudite · Erudite

Name of the Vulnerable Software and Affected Versions: The Erudite theme versions prior to 2.7.9 Description: A cross-site scripting issue allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. Recommendations: For versions prior to 2.7.9, update to version 2.7.9 ...

VulnCheck KEV: CVE-2011-2444

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and Solaris, and before 10.3.186.7 on Android, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, related to a "universal cross-site scripting issue," as...

Satellite: XSS flaw(s) in filter handling

Multiple cross-site scripting XSS vulnerabilities in Spacewalk 1.6, as used in Red Hat Network RHN Satellite, allow remote attackers to inject arbitrary web script or HTML via the "Filter by Synopsis" field and other unspecified filter forms...

CVE-2009-5092

Cross-site scripting XSS vulnerability in the management interface in Microsoft FAST ESP 5.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

DEBIAN-CVE-2011-2932

Cross-site scripting XSS vulnerability in activesupport/lib/activesupport/coreext/string/outputsafety.rb in Ruby on Rails 2.x before 2.3.13, 3.0.x before 3.0.10, and 3.1.x before 3.1.0.rc5 allows remote attackers to inject arbitrary web script or HTML via a malformed Unicode string, related to a...

DEBIAN-CVE-2011-3181

Multiple cross-site scripting XSS vulnerabilities in the Tracking feature in phpMyAdmin 3.3.x before 3.3.10.4 and 3.4.x before 3.4.4 allow remote attackers to inject arbitrary web script or HTML via a 1 table name, 2 column name, or 3 index name...

CVE-2011-2904

Cross-site scripting XSS vulnerability in acknow.php in Zabbix before 1.8.6 allows remote attackers to inject arbitrary web script or HTML via the backurl parameter...

CVE-2011-2947

Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document...

CVE-2011-2976

Cross-site scripting XSS vulnerability in Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, and 3.4.x before 3.4.12 allows remote attackers to inject arbitrary web script or HTML via vectors involving a BUGLIST cookie...

AContent 1.1 (category_name) Remote Script Insertion Vulnerability

Summary AContent is an open source learning content authoring system and respository used to create interoperable, accessible, adaptive Web-based learning content. It can be used along with learning management systems to develop, share, and archive learning materials. Description AContent suffers...

acontent 1.1 - Multiple Vulnerabilities

acontent 1.1 - Multiple Vulnerabilities AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and respository used ...

acontent 1.1 - Multiple Vulnerabilities

AContent 1.1 Multiple SQL Injection Vulnerabilities Vendor: ATutor Inclusive Design Institute Product web page: http://www.atutor.ca Affected version: 1.1 build r296 Summary: AContent is an open source learning content authoring system and respository used to create interoperable, accessible,...

CVE-2011-2958

Multiple cross-site scripting XSS vulnerabilities in Ecava IntegraXor before 3.60 Build 4080 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

DEBIAN-CVE-2011-2510

Cross-site scripting XSS vulnerability in the RSS embedding feature in DokuWiki before 2011-05-25a Rincewind allows remote attackers to inject arbitrary web script or HTML via a link...

tomcat: XSS vulnerability in HTML Manager interface

Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...