httpd: mod_imagemap XSS

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

apache mod_status cross-site scripting

Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-0193

Cross-site scripting XSS vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...

ImgSvr 0.6.21 - Error Message Remote Script Execution

source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...

ImgSvr 0.6.21 - Error Message Remote Script Execution

ImgSvr 0.6.21 - Error Message Remote Script Execution source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the...

CVE-2007-6474

Multiple cross-site scripting XSS vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index3x.php, and unspecified other vectors...

DEBIAN-CVE-2007-5000

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-6321

Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...

CVE-2007-6100

Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...

tomcat examples jsp XSS

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

PT-2007-5002 · Apple · Iphone

Name of the Vulnerable Software and Affected Versions: Apple iPhone version 1.1.1 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. This is a general information abo...

CVE-2007-5051

Multiple cross-site scripting XSS vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 boxwidth, 2 PEDIGREEGENERATIONS, and 3 rootid parameters in ancestry.php, and the 4 newpid parameter in timeline.php. NOTE: the provenance of this...

CVE-2007-4465

Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...

CVE-2007-4465

Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...

DEBIAN-CVE-2007-4306

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the 1 unlimnumrows, 2 sqlquery, or 3 pos parameter to a tblexport.php; the 4 sessionmaxrows or 5 pos parameter to b sql.php; the 6 username parameter to c...

CVE-2007-4245

DiMeMa CONTENTdm (CDM) 4.2 is affected by an XSS in Search.php, allowing remote attackers to inject arbitrary scripts via a search, likely tied to the CISOBOX1 parameter in results.php. The vulnerability concerns the search functionality within CDM and is documented across multiple sources as a C...

CVE-2007-4088

Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 f, 3 quote, and 4 act parameters to cp.php; the 5 u parameter to user.php; the 6 f parameter to post.php; the 7 s parameter to topic.php; the 8 quot...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox before 2.0.0.5 allows remote attackers to inject arbitrary web script "into another site's context" via a "timing issue" involving the 1 addEventListener or 2 setTimeout function, probably by setting events that activate after the context...

EUVD-2007-3174

Multiple cross-site scripting XSS vulnerabilities in Calendarix 0.7.20070307, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 year and 2 month parameters to calendar.php, and the 3 leftfooter parameter to calfooter.inc.php. NOTE: the ycyear...

csc-sqlxss.txt

--- Comersus Shop Cart 7.07 SQL Injection & XSS Comersus is an active server pages asp software for running shopping stores, integrated with the rest of your web site. Comersus ASP Cart is free and IT CAN BE used for commercial purposes. An attacker may leverage this issue to have arbitrary scrip...