CVE Daily
← All tags

Tag: Cross-site Scripting (XSS)

All CVEs associated with "Cross-site Scripting (XSS)". Page 373/397 • 47635 CVEs.

Subscribe CVEs: RSS for “Cross-site Scripting (XSS)”  ·  RSS (High+Critical only)

About “Cross-site Scripting (XSS)”

A curated feed of “Cross-site Scripting (XSS)”-related CVEs appears below. We currently track 47635 CVEs for this tag (all time). In the last 365 days, 7580 were published. Average CVSS is 5.6 (all time; 5.9 over 365d), and 11% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), CWE-352 - Cross-Site Request Forgery (CSRF), CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS).

In our taxonomy this topic maps to a MODERATE impact class. Common exploitation patterns for this weakness can lead to moderate. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2007-04-11
Medium

CVE-2007-1965

Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) ar…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1969

Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1941

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in Domino Web Access (DWA) in IBM Lotus Notes before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arb…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1950

Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.

CVSS: 4.3 CWE: N/A View on NVD
2007-04-10
Medium

CVE-2007-1905

Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special character…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1919

Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1927

Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1938

Ichitaro 2005 through 2007, and possibly related products, allows remote attackers to have an unknown impact via unspecified vectors in a document distributed through e-mail or a web site, possibly d…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1939

Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors inv…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1926

Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin before 1.293 does not properly display log files, which allows remote authenticated users to inject arbitrary web script or HTML…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2006-7192

Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-0939

Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors inv…

CVSS: 4.3 CWE: N/A View on NVD
2007-04-09
Medium

CVE-2007-1894

Cross-site scripting (XSS) vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the…

CVSS: 4.3 CWE: N/A View on NVD
2007-04-03
Medium

CVE-2007-0242

The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) a…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1848

Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desc[][title] field. NOTE: Drake CMS has only…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7187

Cross-site scripting (XSS) vulnerability in the show_recent_searches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web scrip…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7189

Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before 20060403 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7190

Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl in web-app.net WebAPP before 20060515 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2007-1828

Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERY_STRING corresponding…

CVSS: 3.5 CWE: N/A View on NVD
Medium

CVE-2007-1830

Unspecified vulnerability in the Username Hijacking Patch 20070312 for web-app.org WebAPP 0.9.9.6 allows remote attackers to obtain administrative access via unknown vectors, related to "something ov…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1840

lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not escape HTML special characters in LDAP data, which allows remote attackers to have an unknown impact, probably cross-site scripting…

CVSS: 4.3 CWE: N/A View on NVD
2007-04-02
Medium

CVE-2007-1802

Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 6.8 CWE: N/A View on NVD
2007-03-30
Medium

CVE-2007-1780

Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) in Overlay Weaver 0.5.9 to 0.5.11, when invoked with the -x option, allows remote attackers to inject arbitrary web script or HT…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1768

Cross-site scripting (XSS) vulnerability in app/helpers/application_helper.rb in Mephisto 0.7.3 and Mephisto Edge 20070325 allows remote attackers to inject arbitrary web script or HTML via the autho…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1774

Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy allow remote attackers to inject arbitrary web script or HTML via the d parameter to (1) whizzery/whizzypic.php or (2) whizzery/whizz…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-29
Medium

CVE-2006-4843

Cross-site scripting (XSS) vulnerability in the Active Content Filter feature in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-28
Low

CVE-2007-1732

Cross-site scripting (XSS) vulnerability in an mt import in wp-admin/admin.php in WordPress 2.1.2 allows remote authenticated administrators to inject arbitrary web script or HTML via the demo parame…

CVSS: 3.5 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1723

Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-27
Medium

CVE-2007-1714

Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 allows remote attackers to inject arbitrary web script or HTML via dir parameter.

CVSS: 6.8 CWE: N/A View on NVD
2007-03-26
Medium

CVE-2007-1678

Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension for Firefox allows remote attackers to inject arbitrary web script or HTML via RSS feeds, which are executed by the chrome: URI ha…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1679

Multiple cross-site scripting (XSS) vulnerabilities in Horde Groupware Webmail 1.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors in (1) imp/search.ph…

CVSS: 5.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-24
Medium

CVE-2007-1646

Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the searchtext parameter to (a) /search, or the (2) message p…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-23
Medium

CVE-2007-1623

Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook 5.01, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) bg_color_1, (2)…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1625

Cross-site scripting (XSS) vulnerability in save_entry.php in realGuestbook 5.01 allows remote attackers to inject arbitrary web script or HTML via the homepage parameter, as reachable through add_en…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1622

Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-22
Medium

CVE-2007-1606

Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1609

Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script o…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1610

Cross-site scripting (XSS) vulnerability in the RSS reader in Glue Software NewsGlue before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via a feed.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1611

Cross-site scripting (XSS) vulnerability in the RSS reader in a certain SOURCENEXT product, probably IKANARI JIJYOU 1.0.0 and 1.0.1, allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-0240

Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.

CVSS: 4.3 CWE: N/A View on NVD
2007-03-21
Medium

CVE-2007-1576

Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt 5.2.0, when magic_quotes_gpc is disabled, allow remote authenticated users to inject arbitrary web script or HTML via unspecified vect…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-20
Medium

CVE-2007-1551

Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 allow remote attackers to inject arbitrary web script or HTML via (1) the signature in "dans profile," or (2) search.php.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1519

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1515

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thre…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1508

Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in DirectAdmin allows remote attackers to inject arbitrary web script or HTML via the RESULT parameter, a different vector than CVE-2006-598…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-19
Medium

CVE-2007-1504

Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML vi…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1506

Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2)…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-16
Medium

CVE-2007-1494

Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "filters for https:// and…

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2007-1467

Multiple cross-site scripting (XSS) vulnerabilities in (1) PreSearch.html and (2) PreSearch.class in Cisco Secure Access Control Server (ACS), VPN Client, Unified Personal Communicator, MeetingPlace,…

CVSS: 3.5 CWE: N/A View on NVD
Medium

CVE-2007-1468

Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest (CQ) Web 7.0.0.0 allows remote attackers to inject arbitrary web script or HTML via an attachment to a defect log entry.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1473

Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in Horde Framework before 3.1.4 RC1, when the login page contains a language selection box, allows remote attackers to inject arbitra…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1479

Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative Guestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1482

Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows remote attackers to inject arbitrary web script or HTML via the e_id parameter in a viewentry cmd.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-14
Medium

CVE-2007-1454

ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1443

Multiple cross-site scripting (XSS) vulnerabilities in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-03-13
Medium

CVE-2007-1433

Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the comment fields to (1) scripts/a…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-12
Medium

CVE-2007-1418

Cross-site scripting (XSS) vulnerability in skins/ace/popup-notopic.php in MindTouch OpenGarden DekiWiki before Gooseberry++ allows remote attackers to inject arbitrary web script or HTML via the mes…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-10
Medium

CVE-2007-1390

Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) recherche.php3 or (2) ajou…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1395

Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1405

Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1374

Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the MSN parameter. NOTE: the provenance of…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-09
Medium

CVE-2007-1367

Cross-site scripting (XSS) vulnerability in the login page in Avaya Communications Manager (CM) S87XX, S8500, and S8300 products before 3.1.3 allows remote attackers to inject arbitrary web script or…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-08
Medium

CVE-2007-1342

Cross-site scripting (XSS) vulnerability in admincp/index.php in Jelsoft vBulletin 3.6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the add rss url form.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1361

Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in VirtueMart before 20070213 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this iss…

CVSS: 4.3 CWE: N/A View on NVD
2007-03-07
Medium

CVE-2007-1328

Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard JOLY BJ Webring allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter related to the add li…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1331

Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking Solutions ePortfolio 1.0 Java allow remote attackers to inject arbitrary web script or HTML via unspecified vectors that bypass the…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7143

Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 and earlier allows remote attackers to inject arbitrary web script or HTML via the problem description field.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-7149

Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the query string to (a) index.php, which reflects the string i…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7158

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7137

Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1291

Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2007-1305

Multiple cross-site scripting (XSS) vulnerabilities in add2.php in Sava's Guestbook 23.11.2006 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) country, (3) email,…

CVSS: 6.8 CWE: N/A View on NVD
2007-03-06
Medium

CVE-2007-1287

A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, whic…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7122

Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inj…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2006-7125

Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly hand…

CVSS: 6.8 CWE: N/A View on NVD
2007-03-05
Medium

CVE-2007-1276

Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.

CVSS: 4.3 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2007-03-03
Medium

CVE-2007-1248

Multiple cross-site scripting (XSS) vulnerabilities in built2go News Manager Blog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) uid, and (3) nid parameters to…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1231

Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) v…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1234

Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to se…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1240

Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or th…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1241

Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2007-1244

Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the del…

CVSS: 6.8 CWE: N/A View on NVD
2007-03-02
Medium

CVE-2007-1229

Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 800…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1230

Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2006-7072

Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7073

Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod before 2.4.5 allows remote attackers to inject arbitrary web script or HTML in Internet Explorer via unknown vectors related to th…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7076

Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7078

Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2)…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7085

Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers to add arbitrary content and conduct XSS attacks via a direct request to add_art.php. NOTE: this issue was originally reported as…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7093

Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 Security Patch 2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2007-1142

Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.ph…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1145

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1151

Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error.

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1159

Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this in…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1161

Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1174

Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in u…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1175

Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1176

Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments page…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1177

WebAPP before 0.9.9.5 does not properly filter certain characters in contexts related to (1) the query string, (2) Profiles, (3) the Forum Post icon field, (4) the Edit Profile, and (5) the Gallery,…

CVSS: 5.8 CWE: N/A View on NVD
Critical

CVE-2007-1197

Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2007-1198

Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982.

CVSS: 4.3 CWE: N/A View on NVD
2007-02-27
Medium

CVE-2007-0996

The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cro…

CVSS: 5.8 CWE: N/A View on NVD
Medium

CVE-2007-1125

Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1132

Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fiel…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2007-02-26
Medium

CVE-2007-1114

The child frames in Microsoft Internet Explorer 7 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote at…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2007-1115

The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-0780

browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cros…

CVSS: 6.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1096

Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart before 20070116 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue might o…

CVSS: 6.8 CWE: N/A View on NVD
Medium

CVE-2007-1101

Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q p…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1109

Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, o…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2007-1111

Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the css parameter to (1) flatevents.php, (2) js.php, (3)…

CVSS: 6.8 CWE: N/A View on NVD
2007-02-24
Medium

CVE-2006-7058

Multiple cross-site scripting (XSS) vulnerabilities in Sphider before 1.3.1c allow remote attackers to inject arbitrary web script or HTML via the catid parameter to (1) templates/standard/search_for…

CVSS: 4.3 CWE: N/A View on NVD
Medium

CVE-2006-7059

Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (&#0000039) in IMG tags to (1)…

CVSS: 4.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Critical

CVE-2006-7061

Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverag…

CVSS: 9.3 CWE: N/A View on NVD
Critical

CVE-2006-7064

Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via th…

CVSS: 9.3 CWE: N/A View on NVD
Medium

CVE-2006-7042

Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter.

CVSS: 6.8 CWE: N/A View on NVD
Low

CVE-2006-7043

Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blogger allow remote authenticated users to inject arbitrary web script or HTML via script tags in (1) posts and (2) profile names; and…

CVSS: 3.5 CWE: N/A View on NVD
Medium

CVE-2006-7050

Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) before 1.1.6.2 allows remote attackers to inject arbitrary javascript via (1) events in forced links (url parameter) that are not pr…

CVSS: 6.8 CWE: N/A View on NVD
2007-02-23
Medium

CVE-2006-7033

Cross-site scripting (XSS) vulnerability in Super Link Exchange Script 1.0 allows remote attackers to inject arbitrary web script or HTML via IMG tags in the search box.

CVSS: 6.8 CWE: N/A View on NVD
High

CVE-2007-1085

Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, b…

CVSS: 7.6 CWE: N/A View on NVD