CVE-2006-4220

Novell GroupWise WebAccess vulnerable to multiple XSS flaws in version before 7 Support Pack 3 Public Beta. Exploitation vectors involve crafted inputs in parameters (User.html, Error, User.Theme.index, User.lang) that allow remote attackers to inject arbitrary script/HTML. Root cause is cross-si...

DEBIAN-CVE-2008-0460

Cross-site scripting XSS vulnerability in api.php in 1 MediaWiki 1.11 through 1.11.0rc1, 1.10 through 1.10.2, 1.9 through 1.9.4, and 1.8; and 2 the BotQuery extension for MediaWiki 1.7 and earlier; when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via...

httpd: mod_imagemap XSS

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

httpd: mod_imagemap XSS

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

apache mod_status cross-site scripting

Cross-site scripting XSS vulnerability in modstatus in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2008-0193

Cross-site scripting XSS vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php...

ImgSvr 0.6.21 - Error Message Remote Script Execution

source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also...

ImgSvr 0.6.21 - Error Message Remote Script Execution

ImgSvr 0.6.21 - Error Message Remote Script Execution source: https://www.securityfocus.com/bid/27033/info ImgSvr is prone to a remote script-execution vulnerability because it fails to adequately sanitize user-supplied input. Exploiting this issue may allow an attacker to compromise the...

CVE-2007-6474

Multiple cross-site scripting XSS vulnerabilities in GF-3XPLORER 2.4 allow remote attackers to inject arbitrary web script or HTML via the newdir parameter to index3x.php, and unspecified other vectors...

DEBIAN-CVE-2007-5000

Cross-site scripting XSS vulnerability in the 1 modimap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the 2 modimagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2007-6321

Cross-site scripting XSS vulnerability in RoundCube webmail 0.1rc2, 2007-12-09, and earlier versions, when using Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via style sheets containing expression commands...

CVE-2007-6100

Cross-site scripting XSS vulnerability in libraries/auth/cookie.auth.lib.php in phpMyAdmin before 2.11.2.2, when logins are authenticated with the cookie authtype, allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter to index.php, a different vulnerability...

tomcat examples jsp XSS

Multiple cross-site scripting XSS vulnerabilities in certain JSP files in the examples web application in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.24, and 6.0.0 through 6.0.13 allow remote attackers to inject arbitrary web script or HTML via...

PT-2007-5002 · Apple · Iphone

Name of the Vulnerable Software and Affected Versions: Apple iPhone version 1.1.1 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML by causing Javascript events to be applied to a frame in another domain. This is a general information abo...

CVE-2007-5051

Multiple cross-site scripting XSS vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the 1 boxwidth, 2 PEDIGREEGENERATIONS, and 3 rootid parameters in ancestry.php, and the 4 newpid parameter in timeline.php. NOTE: the provenance of this...

CVE-2007-4465

Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...

CVE-2007-4465

Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...

DEBIAN-CVE-2007-4306

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the 1 unlimnumrows, 2 sqlquery, or 3 pos parameter to a tblexport.php; the 4 sessionmaxrows or 5 pos parameter to b sql.php; the 6 username parameter to c...

CVE-2007-4245

DiMeMa CONTENTdm (CDM) 4.2 is affected by an XSS in Search.php, allowing remote attackers to inject arbitrary scripts via a search, likely tied to the CISOBOX1 parameter in results.php. The vulnerability concerns the search functionality within CDM and is documented across multiple sources as a C...

CVE-2007-4088

Multiple cross-site scripting XSS vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 f, 3 quote, and 4 act parameters to cp.php; the 5 u parameter to user.php; the 6 f parameter to post.php; the 7 s parameter to topic.php; the 8 quot...