Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-02 | CVE-2007-1142 | Cross-Site Scripting vulnerability in Reamday Enterprises Magic News Plus 1.0.2 Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. | 4.3 |
| 2007-02-27 | CVE-2007-1132 | Cross-Site Scripting vulnerability in Mtcms 2.2 Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields. | 4.3 |
| 2007-02-26 | CVE-2007-1115 | Cross-Site Scripting vulnerability in Opera Browser The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | 4.3 |
| 2007-02-26 | CVE-2007-0780 | Cross-Site Scripting vulnerability in multiple products browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | 6.8 |
| 2007-02-26 | CVE-2007-0995 | Cross-Site Scripting vulnerability in Mozilla Firefox and Seamonkey Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions. | 4.3 |
| 2007-02-26 | CVE-2007-1109 | Cross-Site Scripting vulnerability in PHPwebgallery Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. | 4.3 |
| 2007-02-26 | CVE-2007-1101 | Cross-Site Scripting vulnerability in Photostand 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php. | 4.3 |
| 2007-02-24 | CVE-2006-7059 | Cross-Site Scripting vulnerability in Scriptsez.Net E-Dating System Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin operation to cindex.php. | 4.3 |
| 2007-02-21 | CVE-2007-1050 | Cross-Site Scripting vulnerability in Abledesign Mycalendar Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action. | 4.3 |
| 2007-02-21 | CVE-2007-1012 | Cross-Site Scripting vulnerability in Deskpro 1.1.0 Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the article parameter. | 4.3 |