CVE-2009-1702

Cross-site scripting XSS vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects...

CVE-2009-0239

Cross-site scripting XSS vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Sear...

PT-2009-4182 · Apple · Ios +2

Name of the Vulnerable Software and Affected Versions: Apple Safari versions prior to 4.0 iPhone OS versions 1.0 through 2.2.1 iPhone OS for iPod touch versions 1.1 through 2.2.1 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via vecto...

CVE-2009-1482

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 an AttachFile sub-action in the errormsg function or 2 multiple vectors related to package file errors in the uploadform...

CVE-2008-6733

Cross-site scripting XSS vulnerability in the error handling page in DotNetNuke 4.6.2 through 4.8.3 allows remote attackers to inject arbitrary web script or HTML via the querystring parameter...

php: XSS via PHP error messages

Cross-site scripting XSS vulnerability in PHP, possibly 5.2.7 and earlier, when displayerrors is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: because of the lack of details, it is unclear whether this is related to CVE-2006-0208...

CVE-2009-0796

Cross-site scripting XSS vulnerability in Status.pm in Apache::Status and Apache2::Status in modperl1 and modperl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the URI...

CVE-2009-0934

Cross-site scripting XSS vulnerability in ejabberd before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to links and MUC logs...

CVE-2009-0260

Multiple cross-site scripting XSS vulnerabilities in action/AttachFile.py in MoinMoin before 1.8.1 allow remote attackers to inject arbitrary web script or HTML via an AttachFile action to the WikiSandBox component with 1 the rename parameter or 2 the drawing parameter aka the basename variable...

CVE-2009-0245

Cross-site scripting XSS vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629...

PHPAds 2.0 Multiple Remote Vulnerabilities

No description provided by source. Vendor: http://blondish.net Versions: PHPAds 2.0 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/advisories.php?id=8 ---- First, we need to acquire administrative access. We point our browser at...

PT-2008-6645 · Projectpier · Projectpier

Name of the Vulnerable Software and Affected Versions: ProjectPier versions 0.8 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via various means, including a message, a milestone, or a display name in a profile, or the a or c parameter to...

PT-2008-6516 · Mvnforum · Mvnforum

Name of the Vulnerable Software and Affected Versions: mvnForum versions prior to 1.2.1 GA Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via unspecified parameters in the listonlineusers component. Recommendations: For...

Groupmax Workflow - Development Kit for Active Server Pages Cross-Site Scripting Vulnerability

Overview Groupmax Workflow - Development Kit for Active Server Pages contains a cross-site scripting vulnerability. Impact A remote attacker could have the users execute malicious scripts. Solution Please refer to the 'Vendor Information' section for the official countermeasure and take appropria...

nsXMLHttpRequest:: NotifyEventListeners() same-origin violation

The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to bypass the same-origin policy and execute arbitrary script via multiple listeners, which bypass t...

DEBIAN-CVE-2008-4775

Cross-site scripting XSS vulnerability in pmdpdf.php in phpMyAdmin 3.0.0, and possibly other versions including 2.11.9.2 and 3.0.1, when registerglobals is enabled, allows remote attackers to inject arbitrary web script or HTML via the db parameter, a different vector than CVE-2006-6942 and...

Flash Player HTML injection flaw

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to loose interpretation of an ActionScript attribute...

Flash Player XSS

Cross-site scripting XSS vulnerability in Adobe Flash Player 9.0.124.0 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving HTTP response headers...

CVE-2008-4535

Cross-site scripting XSS vulnerability in EC-CUBE Ver2 2.1.2a and earlier, EC-CUBE Ver2 BetaRC 2.2.0-beta and earlier, and EC-CUBE Community Edition Nighly-Build r17623 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than...

DEBIAN-CVE-2008-4408

Cross-site scripting XSS vulnerability in MediaWiki 1.13.1, 1.12.0, and possibly other versions before 1.13.2 allows remote attackers to inject arbitrary web script or HTML via the useskin parameter to an unspecified component...