Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2725 | Cross-Site Scripting vulnerability in Aztek Forum Aztek Forum 4.0 Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php. | 4.3 |
| 2004-12-31 | CVE-2004-2720 | Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter. | 4.3 |
| 2004-12-31 | CVE-2004-2704 | Cross-Site Scripting vulnerability in multiple products Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks. | 4.3 |
| 2004-12-31 | CVE-2004-2702 | Cross-Site Scripting vulnerability in Swsoft Plesk 7.0/7.1 Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. | 4.3 |
| 2004-12-31 | CVE-2004-2701 | Cross-Site Scripting vulnerability in Aspdotnetstorefront 3.3 Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter. | 4.3 |
| 2004-12-31 | CVE-2004-2688 | Cross-Site Scripting vulnerability in Newsphp Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. | 4.3 |
| 2004-12-31 | CVE-2004-1863 | Cross-Site Scripting vulnerability in XMB Forum XMB 1.8Sp3/1.9Beta Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. | 4.3 |
| 2004-12-31 | CVE-2004-1424 | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2004-11-23 | CVE-2004-0203 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 5.5 Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. | 4.3 |
| 2004-08-06 | CVE-2004-0678 | Cross-Site Scripting vulnerability in 12Planet Chat Server 2.9 Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter. | 4.3 |