Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-27 | CVE-2007-3758 | Cross-site Scripting vulnerability in Apple Safari Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on Windows and in Mac OS X 10.4 through 10.4.10, allows remote attackers to set Javascript window properties for web pages that are in a different domain, which can be leveraged to conduct cross-site scripting (XSS) attacks. | 4.3 |
| 2007-09-27 | CVE-2007-5127 | Cross-Site Scripting vulnerability in Simpgb 1.46.02 Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 allow remote attackers to inject arbitrary web script or HTML via (1) the l_username parameter to the default URI under admin/ or (2) the l_emoticonlist parameter to admin/emoticonlist.php. | 4.3 |
| 2007-09-27 | CVE-2007-5121 | Cross-Site Scripting vulnerability in Jspwiki 2.5.139Beta Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta allows remote attackers to inject arbitrary web script or HTML via the redirect parameter to wiki-3/Login.jsp and unspecified other components. | 4.3 |
| 2007-09-27 | CVE-2007-5120 | Cross-Site Scripting vulnerability in Jspwiki 2.4.103/2.5.139Beta Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 and 2.5.139-beta allow remote attackers to inject arbitrary web script or HTML via the (1) group and (2) members parameters in (a) NewGroup.jsp; the (3) edittime parameter in (b) Edit.jsp; the (4) edittime, (5) author, and (6) link parameters in (c) Comment.jsp; the (7) loginname, (8) wikiname, (9) fullname, and (10) email parameters in (d) UserPreferences.jsp and (e) Login.jsp; the (11) r1 and (12) r2 parameters in (f) Diff.jsp; and the (13) changenote parameter in (g) PageInfo.jsp. | 4.3 |
| 2007-09-26 | CVE-2007-5112 | Cross-Site Scripting vulnerability in ROI Revolution Urchin Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. | 4.3 |
| 2007-09-26 | CVE-2007-5106 | Cross-Site Scripting vulnerability in Wordpress 2.0 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 allows remote attackers to inject arbitrary web script or HTML via the user_login parameter. | 4.3 |
| 2007-09-26 | CVE-2007-5105 | Cross-Site Scripting vulnerability in Wordpress 2.0/2.0.1 Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter. | 4.3 |
| 2007-09-26 | CVE-2007-5091 | Cross-Site Scripting vulnerability in Egroupware 1.4.001 Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.4.001 allow remote attackers to inject arbitrary web script or HTML via the cat_data[color] parameter to (1) preferences/inc/class.uicategories.inc.php and (2) admin/inc/class.uicategories.inc.php. | 4.3 |
| 2007-09-26 | CVE-2007-5088 | Cross-Site Scripting vulnerability in Sisd Freeside 1.7.2 Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi in Freeside 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the failed parameter. | 4.3 |
| 2007-09-26 | CVE-2007-4874 | Cross-Site Scripting vulnerability in Boesch-It Simpnews 2.41.03 Multiple cross-site scripting (XSS) vulnerabilities in SimpNews 2.41.03 allow remote attackers to inject arbitrary web script or HTML via the (1) l_username parameter to admin/layout2b.php, and the (2) backurl parameter to comment.php. | 4.3 |