Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-01-12 | CVE-2008-5891 | Cross-Site Scripting vulnerability in Injader Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2009-01-12 | CVE-2008-5889 | Cross-Site Scripting vulnerability in Icash Click&Rank NIL Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
2009-01-09 | CVE-2009-0107 | Cross-Site Scripting vulnerability in PHPauctions NIL Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions (aka PHPAuctionSystem) allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | 4.3 |
2009-01-09 | CVE-2009-0105 | Cross-Site Scripting vulnerability in Se-Ed Ezpack 4.2 Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 allows remote attackers to inject arbitrary web script or HTML via the mdfd parameter in a prog action. | 4.3 |
2009-01-08 | CVE-2008-5879 | Cross-Site Scripting vulnerability in PHPclanwebsite Cross-site scripting (XSS) vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, allows remote attackers to inject arbitrary web script or HTML via the page parameter and other unspecified vectors. | 4.3 |
2009-01-08 | CVE-2008-5869 | Cross-Site Scripting vulnerability in Proxim Tsunami Mp.11 2411 3.0.3 Cross-site scripting (XSS) vulnerability in the Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 allows remote authenticated users to inject arbitrary web script or HTML via the system.sysName.0 SNMP OID. | 4.3 |
2009-01-06 | CVE-2008-5858 | Cross-Site Scripting vulnerability in Knowledgetree Document Management Knowledgetree Document Management Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2007-4281. | 4.3 |
2009-01-06 | CVE-2008-5854 | Cross-Site Scripting vulnerability in Myphpscripts Login Session 2.0 Multiple cross-site scripting (XSS) vulnerabilities in login.php in myPHPscripts Login Session 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ls_user and (2) ls_email parameters (aka the User form) in an ls_register action. | 4.3 |
2009-01-05 | CVE-2008-5845 | Cross-Site Scripting vulnerability in Sixapart Movable Type Multiple cross-site scripting (XSS) vulnerabilities in Six Apart Movable Type (MT) before 4.23 allow remote attackers to inject arbitrary web script or HTML via a (1) MTEntryAuthorUsername, (2) MTAuthorDisplayName, (3) MTEntryAuthorDisplayName, or (4) MTCommenterName field in a Profile View template; a (5) listing screen or (6) edit screen in the CMS app; (7) a TrackBack title, related to the HTML sanitization library; or (8) a user archive name (aka archive title) on a published Community Blog template. | 4.3 |
2009-01-05 | CVE-2008-5842 | Cross-Site Scripting vulnerability in Fujitsu-Siemens Webtransactions 6.0/7.0/7.1 Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via vectors associated with (1) a demo application shipped with WebTransactions and possibly (2) an unspecified "dynamic application." | 4.3 |