60 matches found
CVE-2018-15182
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields...
Jease Cross-Site Scripting Vulnerability (CNVD-2018-04746)
Jease is a set of open source content management system CMS written in Java language . A cross-site scripting vulnerability exists in Jease. A remote attacker can exploit this vulnerability to inject arbitrary Web script or HTML...
Cisco Finesse Cross-Site Scripting Vulnerability (CNVD-2017-20384)
Cisco Finesse is a suite of call center management software from Cisco in the United States. A cross-site scripting vulnerability exists in the Cisco Finesse WEB script, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to gain...
CVE-2017-2274
Cross-site scripting vulnerability (CVE-2017-2274) affects Buffalo WMR-433 and WMR-433W wireless LAN routers. WMR-433: firmware 1.02 and earlier; WMR-433W: firmware 1.40 and earlier. An attacker can inject arbitrary web script or HTML via unspecified vectors, potentially affecting the device’s we...
Pixie Cross-Site Scripting Vulnerability
Pixie is an open source lightweight website content management system CMS. The system supports CSS themes, WYSIWYG editors and more. A cross-site scripting vulnerability exists in Pixie version 1.0.4, which stems from the program not properly validating user-submitted input. A remote attacker can...
CVE-2014-8578
Cross-site scripting XSS vulnerability in the Groups panel in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...
CVE-2013-5587
Cross-site scripting XSS vulnerability in Request Tracker RT 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket. NOTE: this issue has been SPLIT from CVE-2013-3371 due to different affected versions...
CVE-2012-3327
CVE-2012-3327 describes a cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management (versions 6.2–7.5), Maximo Asset Management Essentials (6.2–7.5), Tivoli Asset Management for IT (6.2–7.2), Tivoli Service Request Manager (7.1–7.2), Maximo Service Desk (6.2), CCMDB (7.1–7.2), and S...
CVE-2011-3864
Cross-site scripting XSS vulnerability in the The Erudite theme before 2.7.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cpage parameter...
CVE-2011-2754
Cross-site scripting XSS vulnerability in the PageBuilder2 aka Page Builder theme in IBM WebSphere Portal 7.x before 7.0.0.1 CF006, as used in IBM Web Content Manager WCM and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross site scripting
Cross-site scripting XSS vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2008-6683
Cross-site scripting XSS vulnerability in listtest.php in Apartment Search Script allows remote attackers to inject arbitrary web script or HTML via the r parameter...
kolifadownload-sql.txt
Title: Kolifa.Net Download Script indir.php ================================================================ + Author : Kacak + Special Thankz : Sa0 & Knock0ut & Biyocanlar & BilisimCanlar & All My Friends + BuqX at Hotmail dot Com +...
CVE-2008-2187
Cross-site scripting XSS vulnerability in mjguest.php in Mjguest 6.7 GT Rev.01 allows remote attackers to inject arbitrary web script or HTML via the level parameter in a redirect action, possibly involving interface/redirect.htm.php...
CVE-2008-0398
Cross-site scripting XSS vulnerability in aflog 1.01, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment form...
CVE-2008-0239
Multiple cross-site scripting XSS vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the 1 cntry or lang parameters to /idm/login.jsp, 2 resultsForm parameter to /idm/account/findForSelect.jsp, or...
CVE-2007-3330
CVE-2007-3330 describes a stored cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0. The issue allows remote attackers to inject arbitrary web script or HTML via a news post that is stored in the news/ directory without proper sanitization. The root cause is the lack of input/outp...
CVE-2004-2113
BremsServer 1.2.4 is affected by an XSS vulnerability that allows a remote attacker to inject arbitrary web script or HTML via the URL. The impact is partial integrity violation with no confidentiality or availability impact as per the CVE metrics; no specific exploit details or patches are provi...
CVE-2004-2200
Cross-site scripting XSS vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text...
CVE-2003-1531
Cross-site scripting XSS vulnerability in testcgi.exe in Lilikoi Software Ceilidh 2.70 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...