Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-26 | CVE-2008-3779 | Cross-Site Scripting vulnerability in Review-Script Five Star Review Script Cross-site scripting (XSS) vulnerability in search/index.php in Five Star Review Script allows remote attackers to inject arbitrary web script or HTML via the words parameter in a search action. | 4.3 |
2008-08-22 | CVE-2008-3773 | Cross-Site Scripting vulnerability in Vbulletin 3.6.10/3.7.2 Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when "Show New Private Message Notification Pop-Up" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title]). | 4.3 |
2008-08-22 | CVE-2008-3771 | Cross-Site Scripting vulnerability in Pars4U Videosharing 1 Cross-site scripting (XSS) vulnerability in members.php in Pars4u Videosharing 1 allows remote attackers to inject arbitrary web script or HTML via the PageNo parameter. | 4.3 |
2008-08-21 | CVE-2008-3758 | Cross-Site Scripting vulnerability in Lussumo Vanilla Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla 1.1.4 and earlier (1) allow remote attackers to inject arbitrary web script or HTML via the NewPassword parameter to people.php, and allow remote authenticated users to inject arbitrary web script or HTML via the (2) Account picture and (3) Icon fields in account.php. | 4.3 |
2008-08-20 | CVE-2008-3735 | Cross-Site Scripting vulnerability in PHPizabi 0.848B Cross-site scripting (XSS) vulnerability in index.php in PHPizabi before 848 Core HotFix Pack 3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a blogs.search action. | 4.3 |
2008-08-20 | CVE-2008-3730 | Cross-Site Scripting vulnerability in Nordicwind Noah and Nordicwind Document Management System Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2008-08-20 | CVE-2008-3726 | Cross-Site Scripting vulnerability in Microworld Technologies Mailscan 5.6.A Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI. | 4.3 |
2008-08-19 | CVE-2008-3715 | Cross-Site Scripting vulnerability in Flexcms 2.0/2.5 Cross-site scripting (XSS) vulnerability in inc-core-admin-editor-previouscolorsjs.php in the FlexCMS 2.5 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the PreviousColorsString parameter. | 2.6 |
2008-08-19 | CVE-2008-3714 | Cross-Site Scripting vulnerability in Awstats 6.8 Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. | 4.3 |
2008-08-19 | CVE-2008-3712 | Cross-Site Scripting vulnerability in Mambo 4.6.2/4.6.5 Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and 4.6.5, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) query string to mambots/editors/mostlyce/jscripts/tiny_mce/filemanager/connectors/php/connector.php and the (2) mosConfig_sitename parameter to administrator/popups/index3pop.php. | 2.6 |