Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2008-07-27 CVE-2008-3336 Cross-Site Scripting vulnerability in PunBB
Multiple cross-site scripting (XSS) vulnerabilities in PunBB before 1.2.19 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in (1) include/parser.php and (2) moderate.php.
network
punbb CWE-79
4.3
2008-07-27 CVE-2008-3334 Cross-Site Scripting vulnerability in MyBB
Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving search.php.
network
mybb CWE-79
4.3
2008-07-27 CVE-2008-3331 Cross-Site Scripting vulnerability in Mantis
Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php in Mantis before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the filter_target parameter.
network
mantis CWE-79
3.5
2008-07-27 CVE-2008-3330 Cross-Site Scripting vulnerability in Debian Horde and Turba
Cross-site scripting (XSS) vulnerability in services/obrowser/index.php in Horde 3.2 and Turba 2.2 allows remote attackers to inject arbitrary web script or HTML via the contact name.
network
debian CWE-79
4.3
2008-07-27 CVE-2008-3328 Cross-Site Scripting vulnerability in Edgewall Software Trac
Cross-site scripting (XSS) vulnerability in the wiki engine in Trac before 0.10.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.3
2008-07-25 CVE-2008-3326 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
network
high complexity
moodle CWE-79
2.6
2008-07-25 CVE-2008-3316 Cross-Site Scripting vulnerability in Portalparts Forum Plugin 2.3.1
Cross-site scripting (XSS) vulnerability in the search feature in the Forum plugin before 2.7.1 for Geeklog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to (1) public_html/index.php, (2) config.php, and (3) functions.inc.
4.3
2008-07-25 CVE-2008-3315 Cross-Site Scripting vulnerability in Claroline 1.8.10
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.10 allow remote attackers to inject arbitrary web script or HTML via the (1) query string to (a) announcements/messages.php; (b) lostPassword.php and (c) profile.php in auth/; (d) calendar/myagenda.php; (e) group/group.php; (f) learningPath.php, (g) learningPathList.php, and (h) module.php in learnPath/; (i) phpbb/index.php; (j) courseLog.php, (k) course_access_details.php, (l) delete_course_stats.php, (m) userLog.php, and (n) user_access_details.php in tracking/; (o) user/user.php; and (p) user/userInfo.php; the (2) view parameter to (q) tracking/courseLog.php; and the (3) toolId parameter to (r) tracking/toolaccess_details.php.
network
claroline CWE-79
4.3
2008-07-25 CVE-2008-3305 Cross-Site Scripting vulnerability in Carlos Desseno Youtube Blog 0.1
Cross-site scripting (XSS) vulnerability in mensaje.php in C.
4.3
2008-07-25 CVE-2008-3301 Cross-Site Scripting vulnerability in Tuxplanet BilboBlog 0.2.1
Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) content parameter to admin/update.php, related to conflicting code in widget.php; and allow remote attackers to inject arbitrary web script or HTML via the (2) titleId parameter to head.php, reachable through index.php; the (3) t_lang[lang_copyright] parameter to footer.php; the (4) content parameter to the default URI under admin/; the (5) url, (6) t_lang[lang_admin_help], (7) t_lang[lang_admin_clear_cache], (8) t_lang[lang_admin_home], and (9) t_lang[lang_admin_logout] parameters to admin/homelink.php; and the (10) t_lang[lang_admin_new_post] parameter to admin/post.php.
network
tuxplanet CWE-79
3.5