Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-12 | CVE-2007-5429 | Cross-Site Scripting vulnerability in Nucleus CMS Nucleus CMS 3.01 Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 allows remote attackers to inject arbitrary web script or HTML via the archive parameter. | 4.3 |
| 2007-10-12 | CVE-2007-5428 | Cross-Site Scripting vulnerability in Umi-Cms UMI CMS Cross-site scripting (XSS) vulnerability in UMI CMS allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to the default URI in search_do/. | 4.3 |
| 2007-10-12 | CVE-2007-5427 | Cross-Site Scripting vulnerability in Joomla COM Search Component and Joomla Cross-site scripting (XSS) vulnerability in the com_search component in Joomla! 1.0.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchword parameter. | 4.3 |
| 2007-10-12 | CVE-2007-5426 | Cross-Site Scripting vulnerability in Interspire Activekb NX 2.5.4 Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX 2.5.4 allow remote attackers to inject arbitrary web script or HTML via the page parameter to the default URI for some directories, as demonstrated by (1) ActiveKB/ and (2) default/categories/ActiveKB/. | 4.3 |
| 2007-10-12 | CVE-2007-5415 | Cross-Site Scripting vulnerability in Mozilla Firefox 2.0 Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses '/' (slash) characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5414. | 4.3 |
| 2007-10-12 | CVE-2007-5414 | Cross-Site Scripting vulnerability in Mozilla Firefox Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 2.0, when UTF-7 document content is rendered directly in UTF-7, allows remote attackers to inject arbitrary web script or HTML via a gopher URI that uses single quote characters to delimit a literal string within an XSS sequence, a related issue to CVE-2007-5415. | 2.6 |
| 2007-10-12 | CVE-2007-5411 | Cross-Site Scripting vulnerability in Linksys Spa941 Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP Phone with firmware 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the From header in a SIP message. | 4.3 |
| 2007-10-12 | CVE-2007-5386 | Cross-Site Scripting vulnerability in PHPmyadmin 2.11.1 Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
| 2007-10-12 | CVE-2007-5385 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2007-10-11 | CVE-2007-5370 | Cross-Site Scripting vulnerability in Netwin Dnewsweb 57E1 Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/dnewsweb.exe in NetWin DNewsWeb (DNews News Server) 57e1 allow remote attackers to inject arbitrary web script or HTML via the (1) group or (2) utag parameter. | 4.3 |