6657 matches found
CVE-2007-2432
Cross-site scripting (XSS) vulnerability in utilities/search.asp in nukedit 4.9.7b allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2306
Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War (VWar) 1.5.0 R15 and earlier module for PHP-Nuke, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) memberlist parameter to extra/login.php and the (2) title parameter to...
CVE-2007-2308
Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 allows remote attackers to inject arbitrary web script or HTML via the rok parameter...
CVE-2005-4838
Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via...
CVE-2007-2235
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when deleting a category in admincategories.php...
CVE-2007-2203
Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows remote attackers to inject arbitrary web script or HTML via the message field in the guestbook entry submission form...
CVE-2007-2191
CVE-2007-2191 describes multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.2.x. The flaws allow remote attackers to inject arbitrary web script or HTML via SIP-related fields (1) From, (2) To, (3) Call-ID, (4) User-Agent, and potentially other SIP headers, with the malicious data s...
Cross site scripting
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vector than CVE-2006-6087...
CVE-2007-1989
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) postid parameter to ecrire/trackback.php or the (2) toolurl parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third...
CVE-2007-1991
CVE-2007-1991 is an XSS vulnerability affecting CmailServer WebMail 5.4.3 (and possibly earlier) in the mail/signup.asp path. The issue allows remote attackers to inject arbitrary web script or HTML via the Comment parameter (a vector distinct from CVE-2007-1927). Public references confirm the sa...
Cross site scripting
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2007-1919
CVE-2007-1919 describes a Cross-site scripting (XSS) vulnerability in Arizona Dream Livre d'or (livor) 2.5, specifically in index.php where the page parameter can be abused to inject arbitrary web script or HTML. The available sources confirm the vulnerability and affected component, but do not p...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wptitle function...
Cross site scripting
Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-1714
CcCounter 2.0 contains a cross-site scripting (XSS) vulnerability in index.php through the dir parameter. The issue arises from insufficient input handling of dir, enabling remote attackers to inject arbitrary scripts/HTML that may be executed in a user’s browser. Impact is partial confidentialit...
CVE-2007-1714
Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via the dir parameter...
CVE-2007-1623
CVE-2007-1623 describes multiple XSS vulnerabilities in realGuestbook 5.01 that occur when PHP’s register_globals is enabled. Attackers can inject arbitrary script or HTML through the following parameters to welcome_admin.php: bg_color_1, fs_menu, fc_menu, ff_menu, bg_color_2, fs_normal, fc_norma...
CVE-2007-1623
Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bgcolor1, (2) fsmenu, (3) fcmenu, (4) ffmenu, (5) bgcolor2, (6) fsnormal, (7) fcnormal, and (8) ffnormal parameters to...