CVE-2008-5939

Cross-site scripting XSS vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. NOTE: some sources list the id parameter as being affected, but...

CVE-2008-5059

Cross-site scripting XSS vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the newlanguage parameter in a login action...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the newlanguage parameter in a login action...

CVE-2008-5059

Cross-site scripting XSS vulnerability in index.php in ModernBill 4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript event in the newlanguage parameter in a login action...

CVE-2002-2312

Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage...

CVE-2002-2311

Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed the...

Cross site scripting

Cross-site scripting XSS vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag...

CVE-2006-2269

Cross-site scripting XSS vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag...

CVE-2006-2269

Cross-site scripting XSS vulnerability in myWebland MyBloggie 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 a javascript URI in an img BBCode tag, or a JavaScript event in a 2 url BBCode tag or 3 color BBCode tag...

Cross site scripting

Cross-site scripting XSS vulnerability in w-Agora aka Web-Agora 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' equals character, which bypasses a restrictive regular...

CVE-2006-2228

Cross-site scripting XSS vulnerability in w-Agora aka Web-Agora 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' equals character, which bypasses a restrictive regular...

CVE-2006-2228

Cross-site scripting XSS vulnerability in w-Agora aka Web-Agora 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' equals character, which bypasses a restrictive regular...

Cross site scripting

Cross-site scripting XSS vulnerability in inc/functionspost.php in MyBB aka MyBulletinBoard 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the...

CVE-2006-1625

Cross-site scripting XSS vulnerability in inc/functionspost.php in MyBB aka MyBulletinBoard 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event...

CVE-2005-3897

Apple Safari 2.0.2 allows remote attackers to cause a denial of service system slowdown via a Javascript BODY onload event that calls the window function...

CVE-2004-0191

Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page zombie document and enable cross-domain and cross-site scripting XSS attacks, as demonstrated using onmousemove events...

Mozilla OnUnload Referer Information Leakage Race Condition Information Disclosure (deprecated)

Binary data 1316.prm...

CVE-2002-2312

Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript 1 event.ctrlKey or 2 event.shiftKey onkeydown event contained in a webpage...

Microsoft Internet Explorer 56 - Recursive JavaScript Event Denial of Service

Microsoft Internet Explorer 56 - Recursive JavaScript Event Denial of Service source: https://www.securityfocus.com/bid/4583/info An issue has been reported in some versions of Microsoft Internet Explorer. It is possible for a malicious web page using JavaScript to crash the browser process. Unde...