Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-01-22 | CVE-2009-0247 | Cross-Site Scripting vulnerability in 53Kf web IM 2009 NIL The server for 53KF Web IM 2009 Home, Professional, and Enterprise editions relies on client-side protection mechanisms against cross-site scripting (XSS), which allows remote attackers to conduct XSS attacks by using a modified client to send a crafted IM message, related to the msg variable. | 4.3 |
| 2009-01-22 | CVE-2008-5944 | Cross-Site Scripting vulnerability in Navboard 16 Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 (2.6.0) allows remote attackers to inject arbitrary web script or HTML via the module parameter. | 2.6 |
| 2009-01-22 | CVE-2008-5942 | Cross-Site Scripting vulnerability in Modxcms Multiple cross-site scripting (XSS) vulnerabilities in MODx before 0.9.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the preserveUrls function and (2) "username input." NOTE: vector 2 may be related to CVE-2008-5939. | 4.3 |
| 2009-01-22 | CVE-2008-5939 | Cross-Site Scripting vulnerability in Modxcms Cross-site scripting (XSS) vulnerability in index.php in MODx CMS 0.9.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in the username field, possibly related to snippet.ditto.php. | 4.3 |
| 2009-01-22 | CVE-2009-0245 | Cross-Site Scripting vulnerability in Usagi Mynets Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-4629. | 4.3 |
| 2009-01-21 | CVE-2008-5933 | Cross-Site Scripting vulnerability in Cmsisweb CMS Isweb 3.0 Multiple cross-site scripting (XSS) vulnerabilities in index.php in CMS ISWEB 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the strcerca parameter (aka the input field for the cerca action) or (2) the id_oggetto parameter. | 4.3 |
| 2009-01-21 | CVE-2008-5918 | Cross-Site Scripting vulnerability in Tigris Websvn Cross-site scripting (XSS) vulnerability in the getParameterisedSelfUrl function in index.php in WebSVN 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2009-01-21 | CVE-2008-5917 | Cross-Site Scripting vulnerability in Horde Application Framework 3.2.2/3.3 Cross-site scripting (XSS) vulnerability in the XSS filter (framework/Text_Filter/Filter/xss.php) in Horde Application Framework 3.2.2 and 3.3, when Internet Explorer is being used, allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to style attributes. | 4.3 |
| 2009-01-16 | CVE-2008-3821 | Cross-Site Scripting vulnerability in Cisco IOS Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server in Cisco IOS 11.0 through 12.4 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to the ping program or (2) unspecified other aspects of the URI. | 4.3 |
| 2009-01-12 | CVE-2008-5893 | Cross-Site Scripting vulnerability in Icash Click&Email NIL Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ClickAndEmail allows remote attackers to inject arbitrary web script or HTML via the tablename parameter in an update action. | 2.6 |