PYSEC-2011-21

Cross-site scripting XSS vulnerability in feedparser.py in Universal Feed Parser aka feedparser or python-feedparser 5.x before 5.0.1 allows remote attackers to inject arbitrary web script or HTML via an unexpected URI scheme, as demonstrated by a javascript: URI...

CVE-2011-1671

Cross-site scripting XSS vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to todos/tag/. NOTE: some of these details are obtained from third party information...

CVE-2008-7275

Multiple cross-site scripting XSS vulnerabilities in Open Ticket Request System OTRS before 2.3.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 AgentTicketMailbox or 2 CustomerTicketOverView...

Oracle MySQL Eventum 2.3 Cross Site Scripting

Oracle MySQL Eventum 2.3 Remote Script Insertion Vulnerabilities Vendor: MySQL AB / Oracle Corporation Product web page: http://forge.mysql.com/wiki/Eventum Affected version: 2.2 and 2.3 Summary: Eventum is a user-friendly and flexible issue tracking system that can be used by a support departmen...

CVE-2010-4536

Multiple cross-site scripting XSS vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the & ampersand character, 2 the case of an attribute name, 3 a padded entity, and 4 an entity that is not in...

DEBIAN-CVE-2010-4524

Cross-site scripting XSS vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

CVE-2010-4348

CVE-2010-4348 affects MantisBT prior to 1.2.4. It is a cross-site scripting (XSS) vulnerability in admin/upgrade_unattended.php where an attacker can inject arbitrary web script or HTML via the db_type parameter, due to an unsafe call in the ADOdb PHP library. The issue enables remote attacker co...

DEBIAN-CVE-2010-4329

Cross-site scripting XSS vulnerability in the PMAlinkOrButton function in libraries/common.lib.php in the database db search script in phpMyAdmin 2.11.x before 2.11.11.1 and 3.x before 3.3.8.1 allows remote attackers to inject arbitrary web script or HTML via a crafted request...

Mozilla XSS in gopher parser when parsing hrefs

Multiple cross-site scripting XSS vulnerabilities in the Gopher parser in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, and SeaMonkey before 2.0.9, allow remote attackers to inject arbitrary web script or HTML via a crafted name of a 1 file or 2 directory on a Gopher server...

DEBIAN-CVE-2010-3070

Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...

CVE-2010-3070

Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...

CVE-2010-3263

Cross-site scripting XSS vulnerability in setup/frames/index.inc.php in the setup script in phpMyAdmin 3.x before 3.3.7 allows remote attackers to inject arbitrary web script or HTML via a server name...

DEBIAN-CVE-2010-2958

Cross-site scripting XSS vulnerability in libraries/Error.class.php in phpMyAdmin 3.x before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to a PHP backtrace and error messages aka debugging messages, a different vulnerability than CVE-2010-3056...

PT-2010-3305 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.8.7f Description: The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to certain PHP files. The vulnerable parameters include hostname and description in host.php, as well...

No title provided

Multiple cross-site scripting XSS vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 graph.php, 2 include/topgraphheader.php, 3 lib/htmlform.php, and 4 lib/timespansettings.php, as demonstrated by the a graphend or b graphstart...

No title provided

Cross-site scripting XSS vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing HPC Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter...

PT-2010-2963 · Microsoft · Internet Explorer

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 8 Description: The issue allows remote attackers to execute script in an unintended domain or security zone, and obtain sensitive information. An information disclosure vulnerability exists that...

DEBIAN-CVE-2010-2790

Multiple cross-site scripting XSS vulnerabilities in the formatQuery function in frontends/php/include/classes/class.curl.php in Zabbix before 1.8.3rc1 allow remote attackers to inject arbitrary web script or HTML via the 1 filterset, 2 showdetails, 3 filterrst, or 4 txtselect parameters to the...

PYSEC-2010-17

Multiple cross-site scripting XSS vulnerabilities in MoinMoin 1.7.3 and earlier, and 1.9.x before 1.9.3, allow remote attackers to inject arbitrary web script or HTML via crafted content, related to 1 action/LikePages.py, 2 action/chart.py, and 3 action/userprofile.py, a similar issue to...

CVE-2009-4975

Technical details (affected products, root cause, exploitability or patch information) are not publicly available in the provided documents; monitor for updates.