Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-10-09 | CVE-2007-5280 | Cross-Site Scripting vulnerability in Appfuse 2.0Rc1 Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in AppFuse before 2.0 Final allow remote attackers to inject arbitrary web script or HTML via unspecified input that is recorded in (1) success or (2) error messages. | 4.3 |
| 2007-10-06 | CVE-2007-5255 | Cross-Site Scripting vulnerability in Google Mini Search Appliance 3.4.14 Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance 3.4.14 allows remote attackers to inject arbitrary web script or HTML via the ie parameter to the /search URI. | 4.3 |
| 2007-10-06 | CVE-2007-5235 | Cross-Site Scripting vulnerability in Uebimiau 2.7.10/2.7.2/2.7.9 Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the f_email parameter. | 4.3 |
| 2007-10-05 | CVE-2007-5228 | Cross-Site Scripting vulnerability in Drupal Project Issue Tracking Cross-site scripting (XSS) vulnerability in the subscription functionality in the Project issue tracking module before 4.7.x-1.5, 4.7.x-2.x before 4.7.x-2.5, and 5.x-1.x before 5.x-1.1 for Drupal allows remote authenticated users with project create or edit permissions to inject arbitrary web script or HTML via unspecified vectors involving a (1) individual or (2) overview form. | 3.5 |
| 2007-10-05 | CVE-2007-5227 | Cross-Site Scripting vulnerability in Blackboard Learning and Community Post Systems 6.3.1.593 Multiple cross-site scripting (XSS) vulnerabilities in messaging/course/composeMessage.jsp in BlackBoard Learning System 6.3.1.593 and earlier in BlackBoard Academic Suite allow remote attackers to inject arbitrary web script or HTML via the (1) subject_t and (2) body_text parameters. | 4.3 |
| 2007-10-05 | CVE-2007-3918 | Cross-Site Scripting vulnerability in Gforge 4.6B2 Cross-site scripting (XSS) vulnerability in account/verify.php in GForge 4.6b2 allows remote attackers to inject arbitrary web script or HTML via the confirm_hash parameter. | 4.3 |
| 2007-10-05 | CVE-2007-5218 | Cross-Site Scripting vulnerability in DON Barnes Drbguestbook 1.1.13 Cross-site scripting (XSS) vulnerability in index.php in Don Barnes DRBGuestbook 1.1.13 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | 4.3 |
| 2007-10-05 | CVE-2007-5078 | Cross-Site Scripting vulnerability in Egov Manger Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager allow remote attackers to inject arbitrary web script or HTML via unspecified "user-supplied input" to (1) center.exe or (2) Index.exe. | 4.3 |
| 2007-10-04 | CVE-2007-5214 | Cross-Site Scripting vulnerability in Axis 2100 Network Camera Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to the default URI associated with a directory, as demonstrated by (a) the root directory and (b) the view/ directory; (2) parameters associated with saved settings, as demonstrated by (c) the conf_Network_HostName parameter on the Network page and (d) the conf_Layout_OwnTitle parameter to ServerManager.srv; and (3) the query string to ServerManager.srv, which is displayed on the logs page. | 4.3 |
| 2007-10-04 | CVE-2007-5212 | Cross-Site Scripting vulnerability in Axis 2100 Network Camera and 2100 Network Camera Firmware Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware before 2.43 allow remote attackers to inject arbitrary web script or HTML via (1) parameters associated with saved settings, as demonstrated by the conf_SMTP_MailServer1 parameter to ServerManager.srv; or (2) the subpage parameter to wizard/first/wizard_main_first.shtml. | 4.3 |