Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-08-10 | CVE-2008-3569 | Cross-Site Scripting vulnerability in Apache Friends Xampp 1.6.7 Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the text parameter to (1) iart.php and (2) ming.php. | 4.3 |
| 2008-08-10 | CVE-2008-3567 | Cross-Site Scripting vulnerability in Nullsoft Winamp Cross-zone scripting vulnerability in the NowPlaying functionality in NullSoft Winamp before 5.541 allows remote attackers to conduct cross-site scripting (XSS) attacks via an MP3 file with JavaScript in id3 tags. | 4.3 |
| 2008-08-10 | CVE-2008-3566 | Cross-Site Scripting vulnerability in Zoneo-Soft Freeforum 1.7 Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter to (1) the default URI or (2) index.php, or (3) the PATH_INFO to index.php. | 4.3 |
| 2008-08-10 | CVE-2008-3565 | Cross-Site Scripting vulnerability in Mrbs 1.2.6 Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. | 4.3 |
| 2008-08-08 | CVE-2008-3560 | Cross-Site Scripting vulnerability in Xoops Kshop Module 2.22 Cross-site scripting (XSS) vulnerability in kshop_search.php in the Kshop module 2.22 for Xoops allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
| 2008-08-08 | CVE-2008-3559 | Cross-Site Scripting vulnerability in Kaphotoservice Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice allow remote attackers to inject arbitrary web script or HTML via the (1) filename parameter to search.asp and the (2) page parameter to order.asp. | 4.3 |
| 2008-08-07 | CVE-2008-3511 | Cross-Site Scripting vulnerability in Softbiz Image Gallery Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image Gallery (Photo Gallery) allow remote attackers to inject arbitrary web script or HTML via the (1) latest parameter to (a) index.php, (b) images.php, (c) suggest_image.php, and (d) image_desc.php; and the (2) msg parameter to index.php, images.php, and suggest_image.php, and (e) index.php, (f) adminhome.php, (g) config.php, (h) changepassword.php, (i) cleanup.php, (j) browsecats.php, and (k) images.php in admin/. | 4.3 |
| 2008-08-07 | CVE-2008-3510 | Cross-Site Scripting vulnerability in Crafty Syntax Live Help Crafty Syntax Live Help 2.4.16 Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty Syntax Live Help (CSLH) 2.14.6 allows remote attackers to inject arbitrary web script or HTML via the department parameter. | 4.3 |
| 2008-08-06 | CVE-2008-3505 | Cross-Site Scripting vulnerability in Polypager Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via the nr parameter to the default URI. | 4.3 |
| 2008-08-06 | CVE-2008-3501 | Cross-Site Scripting vulnerability in Novell Groupwise 7.0/7.0.2/7.0.3 Cross-site scripting (XSS) vulnerability in the WebAccess simple interface in Novell Groupwise 7.0.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |