Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-19 | CVE-2008-3709 | Cross-Site Scripting vulnerability in Hotscripts Cyboards PHP Lite 1.21 Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP Lite 1.21 allow remote attackers to inject arbitrary web script or HTML via the (1) lOptionsOptions, (2) lNavAdminOptions, or (3) lNavReturn parameter to options.php; or the (4) lNavReturn parameter to subscribe.php. | 4.3 |
2008-08-15 | CVE-2008-3700 | Cross-Site Scripting vulnerability in Kayako Supportsuite Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation. | 4.3 |
2008-08-14 | CVE-2008-3679 | Cross-Site Scripting vulnerability in Idevspot PHPlinkexchange 1.01 Multiple cross-site scripting (XSS) vulnerabilities in index.php in IDevSpot PhpLinkExchange 1.01 allow remote attackers to inject arbitrary web script or HTML via the catid parameter in a (1) user_add, (2) recip, (3) tellafriend, or (4) contact action, or (5) in a request without an action; or (6) the id parameter in a tellafriend action. | 4.3 |
2008-08-14 | CVE-2008-3678 | Cross-Site Scripting vulnerability in Damian Hickey Freeway Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway before 1.4.2.197 allows remote attackers to inject arbitrary web script or HTML via the URL. | 4.3 |
2008-08-13 | CVE-2008-3668 | Cross-Site Scripting vulnerability in Marcello Brandao Yogurt Social Network Module 3.2 Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap. | 4.3 |
2008-08-13 | CVE-2008-3516 | Cross-Site Scripting vulnerability in Adobe Presenter 6/7 Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3515. | 4.3 |
2008-08-13 | CVE-2008-3515 | Cross-Site Scripting vulnerability in Adobe Presenter 6/7 Multiple cross-site scripting (XSS) vulnerabilities in files generated by Adobe Presenter 6 and 7 before 7.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) viewer.swf and (2) loadflash.js, a different vulnerability than CVE-2008-3516. | 4.3 |
2008-08-12 | CVE-2008-3596 | Cross-Site Scripting vulnerability in Harmoni Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 allows remote attackers to inject arbitrary web script or HTML via the Username field, which is inserted into logs that could be rendered when viewed by an administrator. | 4.3 |
2008-08-11 | CVE-2008-3587 | Cross-Site Scripting vulnerability in Needscripts Homes 4 Sale Cross-site scripting (XSS) vulnerability in result.php in Chris Bunting Homes 4 Sale allows remote attackers to inject arbitrary web script or HTML via the r parameter. | 4.3 |
2008-08-10 | CVE-2008-3581 | Cross-Site Scripting vulnerability in Qsoft K-Links Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links allows remote attackers to inject arbitrary web script or HTML via the login_message parameter in a login action. | 4.3 |