Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2007-07-25 CVE-2007-3977 Cross-Site Scripting vulnerability in Bwired
Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
bwired CWE-79
4.3
4.3
2007-07-24 CVE-2007-3954 Cross-Site Scripting vulnerability in multiple products
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are inserted into the command line that is created when invoking SeaMonkey.exe, a related issue to CVE-2007-3670. 		4.3
4.3
2007-07-19 CVE-2007-3910 Cross-Site Scripting vulnerability in Bandersnatch 0.4
Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows remote attackers to inject arbitrary JavaScript via a Jabber resource name and possibly other data items, which are stored in conversation logs. 		4.3
4.3
2007-07-18 CVE-2007-3887 Cross-Site Scripting vulnerability in ASP Ziyaretci Defteri ASP Ziyaretci Defteri 1.1
Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp in ASP Ziyaretci Defteri 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Isim, (2) Mesajiniz, and (3) E-posta fields. 		4.3
4.3
2007-07-10 CVE-2007-3670 Cross-Site Scripting vulnerability in multiple products
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. 		4.3
4.3
2007-07-06 CVE-2007-3593 Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 5
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine NetFlow Analyzer 5 allow remote attackers to inject arbitrary web script or HTML via the (1) alpha parameter in (a) netflow/jspui/applicationList.jsp, the (2) task parameter in (b) netflow/jspui/appConfig.jsp, the (3) view parameter in (c) netflow/jspui/index.jsp, and the (4) rtype parameter in (d) netflow/jspui/selectDevice.jsp and (e) netflow/jspui/customReport.jsp.
network
adventnet CWE-79
4.3
4.3
2007-07-05 CVE-2007-3574 Cross-Site Scripting vulnerability in Linksys Wag54Gs 1.00.06
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname, (3) snmp_getcomm, or (4) snmp_setcomm parameter.
network
linksys CWE-79
4.3
4.3
2007-07-03 CVE-2007-3516 Cross-Site Scripting vulnerability in Gorki Online Santrac Sitesi
Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in Gorki Online Santrac Sitesi allow remote attackers to inject arbitrary web script or HTML via the (1) kullanici, (2) posta, or (3) takim_adi parameter to uyeler.asp. 		4.3
4.3
2007-06-30 CVE-2007-3503 Cross-Site Scripting vulnerability in Oracle JDK 1.5.0/1.6.0
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
oracle CWE-79
4.3
4.3
2007-06-30 CVE-2007-2801 Cross-Site Scripting vulnerability in Eticket 1.5.5/1.5.5.1
Multiple cross-site scripting (XSS) vulnerabilities in open.php in eTicket 1.5.5 and 1.5.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) err and (2) warn parameters.
network
eticket CWE-79
4.3
4.3