Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-14 | CVE-2008-3679 | Cross-Site Scripting vulnerability in Idevspot PHPlinkexchange 1.01 Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. | 4.3 |
| 2008-08-14 | CVE-2008-3678 | Cross-Site Scripting vulnerability in Damian Hickey Freeway Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL. | 4.3 |
| 2008-08-13 | CVE-2008-3668 | Cross-Site Scripting vulnerability in Marcello Brandao Yogurt Social Network Module 3.2 Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap. | 4.3 |
| 2008-08-13 | CVE-2008-3516 | Cross-Site Scripting vulnerability in Adobe Presenter 6/7 Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515. | 4.3 |
| 2008-08-13 | CVE-2008-3515 | Cross-Site Scripting vulnerability in Adobe Presenter 6/7 Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. | 4.3 |
| 2008-08-12 | CVE-2008-3596 | Cross-Site Scripting vulnerability in Harmoni Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator. | 4.3 |
| 2008-08-11 | CVE-2008-3587 | Cross-Site Scripting vulnerability in Needscripts Homes 4 Sale Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter. | 4.3 |
| 2008-08-10 | CVE-2008-3581 | Cross-Site Scripting vulnerability in Qsoft K-Links Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action. | 4.3 |
| 2008-08-10 | CVE-2008-3574 | Cross-Site Scripting vulnerability in Pluck 4.5.2 Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) lang_footer parameter to (a) data/inc/footer.php; the (2) pluck_version, (3) lang_install22, (4) titelkop, (5) lang_kop1, (6) lang_kop2, (7) lang_modules, (8) lang_kop4, (9) lang_kop15, (10) lang_kop5, and (11) titelkop parameters to (b) data/inc/header.php; the pluck_version and titelkop parameters to (c) data/inc/header2.php; and the (14) lang_theme6 parameter to (d) data/inc/themeinstall.php. | 2.6 |
| 2008-08-10 | CVE-2008-3572 | Cross-Site Scripting vulnerability in Pligg CMS 9.9.5 Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 allows remote attackers to inject arbitrary web script or HTML via the category parameter. | 4.3 |