tomcat examples jsp XSS

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

CVE-2008-3511

Multiple cross-site scripting XSS vulnerabilities in Softbiz Image Gallery Photo Gallery allow remote attackers to inject arbitrary web script or HTML via the 1 latest parameter to a index.php, b images.php, c suggestimage.php, and d imagedesc.php; and the 2 msg parameter to index.php, images.php...

DEBIAN-CVE-2008-2939

Cross-site scripting XSS vulnerability in proxyftp.c in the modproxyftp module in Apache 2.0.63 and earlier, and modproxyftp.c in the modproxyftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory...

Cross-site scripting (XSS) vulnerability in Sun Java Server Faces

Cross-site scripting XSS vulnerability in Sun Java Server Faces JSF 1.2 before 1.208 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...

DEBIAN-CVE-2008-3422

Multiple cross-site scripting XSS vulnerabilities in the ASP.net class libraries in Mono 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted attributes related to 1 HtmlControl.cs PreProcessRelativeReference, 2 HtmlForm.cs RenderAttributes, 3 HtmlInputButton...

PYSEC-2008-13

Multiple cross-site scripting XSS vulnerabilities in macro/AdvancedSearch.py in moin and MoinMoin 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...

security flaw

Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject arbitrary web script into a chrome document via unspecified vectors, as demonstrated by injection into a XUL error page. NOTE: this can be leveraged to execute arbitrary code using CVE-2008-2933...

DEBIAN-CVE-2008-2960

Cross-site scripting XSS vulnerability in phpMyAdmin before 2.11.7, when registerglobals is enabled and .htaccess support is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving scripts in libraries/...

httpd cross-site scripting flaw in mod_imap

Cross-site scripting XSS vulnerability in the modimap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps...

CVE-2008-2848

Cross-site scripting XSS vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-2842

Cross-site scripting XSS vulnerability in edit/showmedia.asp in doITLive CMS 2.50 and earlier allows remote attackers to inject arbitrary web script or HTML via the FILE parameter...

CVE-2008-2825

Cross-site scripting XSS vulnerability in the embedded Web Server in Xerox WorkCentre M123, M128, and 133 and WorkCentre Pro 123, 128, and 133 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-2787

Cross-site scripting XSS vulnerability in out.php in OpenDocMan 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the lastmessage parameter...

CVE-2008-2759

Multiple cross-site scripting XSS vulnerabilities in Xigla Absolute Form Processor XE 4.0 allow remote attackers to inject arbitrary web script or HTML via the 1 showfields, 2 text, and 3 submissions parameters to search.asp and the 4 name parameter to users.asp. NOTE: some of these details are...

CVE-2008-2766

Cross-site scripting XSS vulnerability in Xigla Absolute Image Gallery XE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in 1 admin/search.asp and 2 gallery.asp...

CVE-2008-2773

Cross-site scripting XSS vulnerability in the Taxonomy Image module 5.x before 5.x-1.3 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Groupmax World Wide Web Desktop/BUNSHOKANRI(=DocumentManagement) Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Groupmax World Wide Web Desktop/BUNSHOKANRI =DocumentManagement. Impact A remote attacker could execute malicious scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate...

Hitachi Groupmax Collaboration Products Cross-Site Scripting Vulnerability

Overview A cross-site scripting vulnerability has been found in the Hitachi Groupmax Collaboration products. Impact A remote attacker could execute arbitrary scripts. Solution Please refer to the 'Vendor Information' section for official countermesure and take appropriate action...

bea-xss.txt

+============================================================================================+ + Oracle Corporation BEA WebLogic Portal & high XSS Vulnerabilities + +============================================================================================+ Authors: Ivan Sanchez Producto:...

CVE-2008-2302

Cross-site scripting XSS vulnerability in the login form in the administration application in Django 0.91 before 0.91.2, 0.95 before 0.95.3, and 0.96 before 0.96.2 allows remote attackers to inject arbitrary web script or HTML via the URI of a certain previous request...