tomcat accept-language xss flaw

Cross-site scripting XSS vulnerability in certain applications using Apache Tomcat 4.0.0 through 4.0.6 and 4.1.0 through 4.1.34 allows remote attackers to inject arbitrary web script or HTML via crafted "Accept-Language headers that do not conform to RFC 2616"...

tomcat XSS in example webapps

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...

DEBIAN-CVE-2007-2739

Cross-site scripting XSS vulnerability in xajax before 0.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-2627

Cross-site scripting XSS vulnerability in sidebar.php in WordPress, when custom 404 pages that call getsidebar are used, allows remote attackers to inject arbitrary web script or HTML via the query string PHPSELF, a different vulnerability than CVE-2007-1622...

CVE-2007-2524

Cross-site scripting XSS vulnerability in index.pl in Open Ticket Request System OTRS 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. NOTE: DEBIAN:DSA-1299 originally used this identifier for an ipsec-tools issue, b...

tomcat XSS in example webapps

Cross-site scripting XSS vulnerability in the calendar application example in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.31, 5.0.0 through 5.0.30, and 5.5.0 through 5.5.15 allows remote attackers to inject arbitrary web script or HTML via the time parameter to cal2.jsp and possibly...

CVE-2007-1969

Cross-site scripting XSS vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter...

CVE-2007-1894

Cross-site scripting XSS vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wptitle function...

Cross site scripting

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

CVE-2007-1139

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP SPP allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVE-2007-1175

Cross-site scripting XSS vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-1055

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177...

CVE-2007-1054

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...

DEBIAN-CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

DEBIAN-CVE-2007-0204

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2007-0204

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2006-6808

Cross-site scripting XSS vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the getfiledescription function in wp-admin/admin-functions.php...

CVE-2006-6363

CVE-2006-6363 describes a Cross-site scripting (XSS) vulnerability in admin.pl of BlueSocket Secure Controller (BSC) prior to version 5.2, or without the 5.1.1-BluePatch. An attacker can inject arbitrary web script or HTML via the ad_name parameter. The CVSS data indicates a network-accessible, l...

EUVD-2006-5958

Multiple cross-site scripting XSS vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 URL, or 3 Comments field...