6657 matches found
CVE-2007-3594
Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ManageEngine OpManager 6 and 7 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in (a) ping.do and (b) traceRoute.do in map/; the (2) reportName, (3) displayName, and (4) selectedNode parameters to c...
CVE-2007-3577
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "windoweval" and similar expressions; (5) certain Function expressions; (6) certain '=' expressions, as demonstrated by a...
CVE-2007-3579
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script...
CVE-2007-3578
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script...
CVE-2007-3579
CVE-2007-3579 affects PHPIDS prior to 20070703. The vulnerability arises because the system does not correctly handle setting the .text property of a SCRIPT element before it is attached to the DOM, enabling a remote attacker to inject arbitrary web script. The available documents confirm the aff...
CVE-2007-3569
Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library Management System allow remote attackers to inject arbitrary web script or HTML via the (1) updateform and (2) displayform parameter to (a) gateway/gateway.exe; the (3) TERMS, (4) database, (5) srchad, (6) SuggestedSearch, and (7) searchform...
CVE-2007-3569
Affected product: Oliver Library Management System. Vulnerable vectors: XSS via the parameters (updateform, displayform) to gateway/gateway.exe and via (TERMS, database, srchad, SuggestedSearch, searchform) on the Basic Search page; and (8) username during login. Root cause: likely improper in...
CVE-2007-3559
CVE-2007-3559 affects PHP-Fusion 6.01.9 and 6.01.10, specifically the infusions/shoutbox_panel/shoutbox_panel.php component. The vulnerability is a Cross-Site Scripting (XSS) issue related to the FUSION_QUERY constant when guest posts are enabled, allowing remote authenticated users to inject...
CVE-2007-3561
CVE-2007-3561 describes a cross-site scripting (XSS) vulnerability in the ara.asp page of Efendy Blog 1.0. The issue allows remote attackers to inject arbitrary web script or HTML via the ara parameter. Exploitation details, affected versions, and remediation are not provided in the connected doc...
CVE-2007-3553
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is...
EUVD-2007-3537
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is...
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in Google Custom Search Engine allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: this issue is disputed by the Google Security Team, who states that "Google does not provide the 'search.php' script...
CVE-2006-5752
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browser...
CVE-2006-7209
Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine...
CVE-2007-3448
CVE-2007-3448 describes a cross-site scripting vulnerability in BugMall Shopping Cart 2.5 and earlier. An attacker can inject arbitrary script via the msgs parameter in index.php. The NVD entry notes this affects 2.5 and earlier versions; 4.0.2 and other versions might also be affected. The CVSS ...
CVE-2007-3414
Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp...
CVE-2007-3413
Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid 2.50 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) GridSearch, (2) gsearch, or (3) ParentID parameter to an unspecified component...
CVE-2007-3412
Cross-site scripting (XSS) vulnerability in editimage.asp in ClickGallery Server 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter...