Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2007-06-28 CVE-2007-3482 Cross-Site Scripting vulnerability in Apple Safari
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute.
network
low complexity
microsoft apple CWE-79
7.8
2007-06-27 CVE-2007-3448 Cross-Site Scripting vulnerability in Bugmall Shopping Cart
Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter.
network
bugmall CWE-79
4.3
2007-06-26 CVE-2007-3405 Cross-Site Scripting vulnerability in Lebisoft Zdefter 4.0
Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters.
network
lebisoft CWE-79
4.3
2007-06-25 CVE-2007-2401 Cross-Site Scripting vulnerability in Apple Mac OS X and Mac OS X Server
CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1, allows remote attackers to inject arbitrary HTTP headers via LF characters in an XMLHttpRequest request, which are not filtered when serializing headers via the setRequestHeader function.
network
apple CWE-79
4.3
2007-06-21 CVE-2007-3339 Cross-Site Scripting vulnerability in Fusetalk
Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm.
network
fusetalk CWE-79
4.3
2007-06-20 CVE-2007-3291 Cross-Site Scripting vulnerability in Livecms
Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php.
network
livecms CWE-79
4.3
2007-06-14 CVE-2007-3227 Cross-Site Scripting vulnerability in Rubyonrails Rails 1.1.5
Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values.
4.3
2007-06-14 CVE-2007-2391 Cross-Site Scripting vulnerability in Apple Safari 3.0.1
Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page.
network
apple CWE-79
4.3
2007-06-11 CVE-2007-3156 Cross-Site Scripting vulnerability in Webmin Usermin and Webmin
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter.
network
webmin CWE-79
4.3
2007-06-08 CVE-2007-3137 Cross-Site Scripting vulnerability in Webmaster Solutions Wmscms 2.0
Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter.
4.3