Cross site scripting

Cross-site scripting XSS vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a different product than CVE-2006-3948...

CVE-2007-1175

Cross-site scripting XSS vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-1139

Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP SPP allows remote attackers to upload arbitrary scripts via a filename with a double extension...

CVE-2007-1054

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...

CVE-2007-1055

Cross-site scripting XSS vulnerability in the AJAX features in index.php in MediaWiki 1.9.x before 1.9.0rc2, and 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rs parameter. NOTE: this issue might be a duplicate of CVE-2007-0177...

CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

DEBIAN-CVE-2007-0801

The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest...

CVE-2007-0204

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

DEBIAN-CVE-2007-0204

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.9.2-rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from third party information...

CVE-2006-6808

Cross-site scripting XSS vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the getfiledescription function in wp-admin/admin-functions.php...

CVE-2006-6363

CVE-2006-6363 describes a Cross-site scripting (XSS) vulnerability in admin.pl of BlueSocket Secure Controller (BSC) prior to version 5.2, or without the 5.1.1-BluePatch. An attacker can inject arbitrary web script or HTML via the ad_name parameter. The CVSS data indicates a network-accessible, l...

EUVD-2006-5958

Multiple cross-site scripting XSS vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 URL, or 3 Comments field...

PT-2006-6609 · Mginternet · Mginternet Car Site Manager

Name of the Vulnerable Software and Affected Versions: MGinternet Car Site Manager CSM affected versions not specified Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the s parameter in the /csm/asp/listings.asp API...

EUVD-2006-5927

Cross-site scripting XSS vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager CSM allows remote attackers to inject arbitrary web script or HTML via the s parameter...

EUVD-2006-4196

Cross-site scripting XSS vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter...

CVE-2006-4067

Cross-site scripting XSS vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...

DEBIAN-CVE-2006-4067

Cross-site scripting XSS vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

DEBIAN-CVE-2006-3810

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...