tomcat: XSS vulnerability in HTML Manager interface

Multiple cross-site scripting XSS vulnerabilities in the HTML Manager Interface in Apache Tomcat 5.5 before 5.5.32, 6.0 before 6.0.30, and 7.0 before 7.0.6 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the display-name tag...

flash-plugin: Cross-site scripting vulnerability (APSB11-13)

Cross-site scripting XSS vulnerability in Adobe Flash Player before 10.3.181.22 on Windows, Mac OS X, Linux, and Solaris, and 10.3.185.22 and earlier on Android, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to a "universal cross-site scripting...

Skype 0day detailed analysis-vulnerability warning-the black bar safety net

Recently, we heard about the Skype 0day related news, on the Mac OS in the remote script execution vulnerability. In fact, we in the 2 months before long discovered this vulnerability. Due to the test reason we did not promptly report to the Supplier, because we are still in testing this...

CVE-2011-1727

Cross-site scripting XSS vulnerability in HP SiteScope 9.54, 10.13, 11.01, and 11.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to an "HTML injection" issue...

CVE-2011-1716

Multiple cross-site scripting XSS vulnerabilities in the Web UI in Xymon before 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

WordPress Plugin Spellchecker 3.1 - general.php LocalRemote File Inclusion

WordPress Plugin Spellchecker 3.1 - general.php LocalRemote File Inclusion source: https://www.securityfocus.com/bid/47317/info The Spellchecker plugin for WordPress is prone to a local file-include vulnerability and a remote file-include vulnerability because the application fails to sufficientl...

DEBIAN-CVE-2011-1157

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via malformed XML comments...

PYSEC-2011-21

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

CVE-2011-1671

Cross-site scripting XSS vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to todos/tag/. NOTE: some of these details are obtained from third party information...

CVE-2008-7275

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 AgentTicketMailbox or 2 CustomerTicketOverView...

Oracle MySQL Eventum 2.3 Cross Site Scripting

Oracle MySQL Eventum 2.3 Remote Script Insertion Vulnerabilities Vendor: MySQL AB / Oracle Corporation Product web page: http://forge.mysql.com/wiki/Eventum Affected version: 2.2 and 2.3 Summary: Eventum is a user-friendly and flexible issue tracking system that can be used by a support departmen...

DEBIAN-CVE-2010-4524

Cross-site scripting XSS vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

CVE-2010-4536

Multiple cross-site scripting XSS vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the & ampersand character, 2 the case of an attribute name, 3 a padded entity, and 4 an entity that is not in...

CVE-2010-4348

CVE-2010-4348 affects MantisBT prior to 1.2.4. It is a cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php where an attacker can inject arbitrary web script or HTML via the db_type parameter, due to an unsafe call in the ADOdb PHP library. The issue enables remote attacker co...

DEBIAN-CVE-2010-4329

Cross-site scripting XSS vulnerability in the PMAlinkOrButton function in libraries/common.lib.php in the database db search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request...

Mozilla XSS in gopher parser when parsing hrefs

Multiple cross-site scripting XSS vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a 1 file or 2 directory on a Gopher server...

DEBIAN-CVE-2010-3070

Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...

CVE-2010-3070

Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...

CVE-2010-3263

Cross-site scripting XSS vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

DEBIAN-CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...