CVE-2007-3417

Multiple cross-site scripting XSS vulnerabilities in cgi-bin/cgi-lib/search.pl in web-app.org WebAPP before 0.9.9.7 allow remote attackers to inject arbitrary web script or HTML via a search string, which is not sanitized when an HREF attribute is printed by the 1 processsearch or 2...

CVE-2007-3182

Calendarix 0.7.20070307 is affected by multiple XSS flaws when PHP register_globals is On. The vulnerabilities allow remote attackers to inject script/HTML via calendar.php year and month parameters, and via cal_footer.inc.php leftfooter parameter (the ycyear parameter is covered by CVE-2006-1835...

CVE-2007-3366

Cross-site scripting XSS vulnerability in Simple CGI Wrapper scgiwrap in cPanel before 10.9.1, and 11.x before 11.4.19-R14378, allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...

CVE-2007-3364

Cross-site scripting XSS vulnerability in the cgi-bin/post.mscgi sample page in MyServer 0.8.9 allows remote attackers to inject arbitrary web script or HTML via the body content...

CVE-2007-3328

CVE-2007-3328 affects Interact 2.4 beta 1 and is described as multiple XSS vulnerabilities. The vulnerable components are in Interact modules: (1) module_key parameter used by kb/kb.php, quiz/runquiz.php, quiz/quiz.php, forum/forum.php, forum/byname.php, journal/journalview.php; (2) tag_key param...

CVE-2007-3299

Cross-site scripting XSS vulnerability in AWFFull before 3.7.4, when AllSearchStr aka the All Search Terms report is enabled, allows remote attackers to inject arbitrary web script or HTML via a search string...

CVE-2007-3281

Cross-site scripting XSS vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in Php Hosting Biller 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

Cross site scripting

Cross-site scripting XSS vulnerability in login.php in Utopia News Pro 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the password parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235...

EUVD-2007-3257

Cross-site scripting XSS vulnerability in low.php in Fuzzylime Forum 1.01b and earlier allows remote attackers to inject arbitrary web script or HTML via the fromaction parameter in a log action, a different vector than CVE-2007-3235...

CVE-2007-3261

CVE-2007-3261 affects dKret widgets/widget_search.php, with the vulnerable component being the search widget in dKret before version 2.6. The issue is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). Connected docu...

CVE-2007-3101

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in certain JSF applications in Apache MyFaces Tomahawk before 1.1.6 allow remote attackers to inject arbitrary web script via the autoscroll parameter, which is injected into Javascript that is sent to the client...

CVE-2007-3243

CVE-2007-3243 affects bbPress 0.8.1 via bb-login.php. The XSS vulnerability allows remote attackers to inject arbitrary script/HTML through the re parameter; exploitation may hinge on a specific Referer header being sent by the client. The cited sources (NVD entry) describe the issue and impact a...

CVE-2007-3195

Cross-site scripting XSS vulnerability in index.php in ERFAN WIKI 1.00 allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2007-3189

Cross-site scripting XSS vulnerability in auth.php in Just For Fun Network Management System JFFNMS 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter...

CVE-2007-3170

Multiple cross-site scripting XSS vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via 1 the PATHINFO to redirect.php or 2 the selectedtheme parameter to demo/pop3/error.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sbl, 2 sbr, or 3 search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is...

CVE-2007-3137

Multiple cross-site scripting XSS vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 sbl, 2 sbr, or 3 search parameter. NOTE: the original disclosure claims the pageid parameter in index.php is affected, but this is...