4531 matches found
Meneame cross-site scripting vulnerability
Overview Meneame, an open source social bookmark system, contains a cross-site scripting vulnerability. Meneame, an open-source web application to build social bookmark systems, contains a cross-site scripting vulnerability, as it does not properly handle output data. Impact A remote attacker cou...
Trac cross-site scripting vulnerability
Overview Trac is a project management tool from Edgewall Software. InterAct Corp. provides a localized version of Trac in Japan. Trac wiki engine contains a cross-site scripting vulnerability which affects Microsoft Internet Explorer. Impact A remote attacker could possibly execute an arbitrary...
Namazu cross-site scripting vulnerability
Overview Namazu, Japanese full-text search engine, contains a cross-site scripting vulnerability. Namazu, Japanese full-text search engine does not specify charset in the ContentType header that could allow a remote attacker to execute an arbitrary script on the user's web browser. Impact An...
mod_imap cross-site scripting vulnerability
Overview The "modimap" and "modimagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. modimap and modimagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle...
Zimbra Collaboration Suite script execution vulnerability
Overview Zimbra Collaboration Suite, a web collaboration tool from Zimbra, Inc., contains a vulnerability that could allow a remote attacker to execute an arbitrary script on the user's web browser. Zimbra Collaboration Suite is a web collaboration tool that provides calendar, address book,...
w3m Cross-Site Scripting Vulnerability
Overview w3m contains a cross-site scripting vulnerability due to insufficient sanitization of HTML tags in the frame. Impact An remote attacker could execute arbitrary scripts and gain access to files or cookies. Solution Please refer to the 'Vendor Information' section for official remediation...
apache mod_status cross-site scripting
Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
tomcat manager example DoS
Multiple cross-site scripting XSS vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 el/functions.jsp, 2 el/implicit-objects.jsp, and 3 jspx/textRotate.jspx in examples/jsp2/, as demonstrated via...
httpd: mod_imagemap XSS
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
tomcat examples jsp XSS
Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...
RHN XSS flaw
Cross-site scripting XSS vulnerability in the Red Hat Network channel search feature, as used in RHN and Red Hat Network Satellite before 5.0.2, allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in SystemList.jsp in SysAid 5.1.08 allows remote attackers to inject arbitrary web script or HTML via the searchField parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
universal XSS using event handlers
Cross-site scripting XSS vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to inject arbitrary web script or HTML via event handlers, aka "Universal XSS using event handlers."...
CVE-2008-1355
Cross-site scripting XSS vulnerability in index.php in Jeebles Technology Jeebles Directory 2.9.60 allows remote attackers to inject arbitrary web script or HTML via the path parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
CVE-2007-6707
Multiple cross-site scripting XSS vulnerabilities on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and earlier firmware allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-3574...
CVE-2008-1081
Opera before 9.26 allows user-assisted remote attackers to execute arbitrary script via images that contain custom comments, which are treated as script when the user displays the image properties...
PT-2008-2242 · Dmssoftware · Dmsguestbook
Name of the Vulnerable Software and Affected Versions: DMSGuestbook version 1.7.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the "file" parameter to "wp-admin/admin.php", the "messagefield" parameter in the guestbook page, or th...
CVE-2006-4220
Novell GroupWise WebAccess vulnerable to multiple XSS flaws in version before 7 Support Pack 3 Public Beta. Exploitation vectors involve crafted inputs in parameters (User.html, Error, User.Theme.index, User.lang) that allow remote attackers to inject arbitrary script/HTML. Root cause is cross-si...
DEBIAN-CVE-2008-0460
Cross-site scripting XSS vulnerability in api.php in 1 MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and 2 the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via...
httpd: mod_imagemap XSS
Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...