Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-06-06 | CVE-2007-3064 | Cross-Site Scripting vulnerability in Mealex MY Datebook Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | 4.3 |
| 2007-06-06 | CVE-2007-3056 | Cross-Site Scripting vulnerability in Websvn 1.61/2.0 Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 4.3 |
| 2007-05-30 | CVE-2007-2914 | Cross-Site Scripting vulnerability in Psychostats 3.0.6B Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. | 4.3 |
| 2007-05-30 | CVE-2007-2910 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | 4.3 |
| 2007-05-22 | CVE-2007-2811 | Cross-Site Scripting vulnerability in OSK Advance-Flow Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-05-17 | CVE-2007-2745 | Cross-Site Scripting vulnerability in Vdesk Webmail 4.03 Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk Webmail 4.03 allows remote attackers to inject arbitrary web script or HTML via the type parameter. | 4.3 |
| 2007-05-11 | CVE-2007-1262 | Cross-Site Scripting vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter in SquirrelMail 1.4.0 through 1.4.9a allow remote attackers to inject arbitrary web script or HTML via the (1) data: URI in an HTML e-mail attachment or (2) various non-ASCII character sets that are not properly filtered when viewed with Microsoft Internet Explorer. | 4.3 |
| 2007-05-09 | CVE-2007-2581 | Cross-Site Scripting vulnerability in Microsoft products Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx. | 4.3 |
| 2007-05-08 | CVE-2007-2524 | Cross-Site Scripting vulnerability in Otrs 2.0.4 Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket Request System (OTRS) 2.0.x allows remote attackers to inject arbitrary web script or HTML via the Subaction parameter in an AgentTicketMailbox Action. | 4.3 |
| 2007-05-08 | CVE-2007-0220 | Cross-Site Scripting vulnerability in Microsoft Exchange Server 2000/2003 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label". | 6.8 |