Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-07-27 | CVE-2008-3336 | Cross-Site Scripting vulnerability in Punbb Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php. | 4.3 |
2008-07-27 | CVE-2008-3334 | Cross-Site Scripting vulnerability in Mybb Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php. | 4.3 |
2008-07-27 | CVE-2008-3331 | Cross-Site Scripting vulnerability in Mantis Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter. | 3.5 |
2008-07-27 | CVE-2008-3330 | Cross-Site Scripting vulnerability in Debian Horde and Turba Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name. | 4.3 |
2008-07-27 | CVE-2008-3328 | Cross-Site Scripting vulnerability in Edgewall Software Trac Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-07-25 | CVE-2008-3326 | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title). | 2.6 |
2008-07-25 | CVE-2008-3316 | Cross-Site Scripting vulnerability in Portalparts Forum Plugin 2.3.1 Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc. | 4.3 |
2008-07-25 | CVE-2008-3315 | Cross-Site Scripting vulnerability in Claroline 1.8.10 Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php. | 4.3 |
2008-07-25 | CVE-2008-3305 | Cross-Site Scripting vulnerability in Carlos Desseno Youtube Blog 0.1 Cross-site scripting (XSS) vulnerability in mensaje.php in C. | 4.3 |
2008-07-25 | CVE-2008-3301 | Cross-Site Scripting vulnerability in Tuxplanet Bilboblog 0.2.1 Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php. | 3.5 |