Symantec Endpoint Protection Manager TestConnection.jsp 'Msg' Parameter XSS (SYM11-009 & SYM12-001)

The version of Symantec Endpoint Protection Manager running on the remote web server is affected by a cross-site scripting XSS vulnerability due to improper sanitization of input to the 'Msg' parameter in the TestConnection.jsp file. An unauthenticated, remote attacker can exploit this...

CVE-2008-6876

Cross-site scripting XSS vulnerability in login.php in EsPartenaires 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the EsContacts 1.0 issue is covered in CVE-2008-2037...

CVE-2009-2033

Cross-site scripting XSS vulnerability in index.php in Yogurt 0.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Leap CMS 0.1.4 allow remote attackers to inject arbitrary web script or HTML via 1 the msg parameter aka the message in an article comment or 2 the searchterm parameter aka the search post form. NOTE: some of these details are obtained from thi...

CVE-2009-0857

Cross-site scripting XSS vulnerability in /prm/reports in the Performance Reporting Module PRM for Sun Management Center SunMC 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console...

CVE-2008-2165

Cross-site scripting XSS vulnerability in AccessCodeStart.asp in Cisco Building Broadband Service Manager BBSM Captive Portal 5.3 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in bsauth.php in Blogator-script 0.95 and 1.01 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

Cross site scripting

Cross-site scripting XSS vulnerability in account-inbox.php in TorrentTrader Classic 1.08 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2007-5480

Multiple cross-site scripting XSS vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the 1 msg parameter to msg.jsp, and the 2 contentid parameter to tc/contents/home001.jsp...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in InnovaAge InnovaShop allow remote attackers to inject arbitrary web script or HTML via the 1 msg parameter to msg.jsp, and the 2 contentid parameter to tc/contents/home001.jsp...

CVE-2007-5480

CVE-2007-5480 concerns multiple cross-site scripting (XSS) vulnerabilities in InnovaAge InnovaShop. The affected components are the web interfaces handling user-supplied data: the msg.jsp endpoint (parameter: msg) and the tc/contents/home001.jsp page (parameter: contentid). The root cause is unva...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in activeWeb contentserver before 5.6.2964 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to 1 errors/rights.asp or 2 errors/transaction.asp, or 3 the name of a MIME type mimetype...

Cross site scripting

Cross-site scripting XSS vulnerability in admin/auth.php in Pluxml 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2007-3542

Removed by vendor...

CVE-2007-2090

Cross-site scripting XSS vulnerability in index.php in TuMusika Evolution 1.6 allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2007-2013

Cross-site scripting XSS vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

Cross site scripting

Cross-site scripting XSS vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter...

CVE-2006-4002

Drupal vulnerable component: the user.module in Drupal 4.6 (before 4.6.9) and 4.7 (before 4.7.3) allows remote XSS via the msg parameter. Impact: arbitrary script execution in a user’s browser (potential session-related risk). Root cause: insufficient input sanitising in user module. Affected ver...

CVE-2006-3132

CVE-2006-3132 is an XSS vulnerability in QTOFileManager 1.0, specifically in the qtofm.php4 script, exploitable by injecting scripts via the msg parameter. The NVD entry lists impact to confidentiality and integrity (PARTIAL) with network attack vector and no authentication required. The connecte...