Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-09-24 | CVE-2007-5072 | Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog) before 0.5.1, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via certain user_colors array parameters to certain user_style.php files under themes/, as demonstrated by the user_colors[bg_color] parameter. | 4.3 |
2007-09-24 | CVE-2007-5059 | Cross-Site Scripting vulnerability in Greensql 0.2.2 Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow remote attackers to inject arbitrary web script or HTML via several vectors, as demonstrated by the (1) uname and (2) pass parameters in a login form, and (3) an unspecified "url value," leading to storage of XSS sequences in the database and display of these sequences in the alert section of the admin panel. | 4.3 |
2007-09-24 | CVE-2007-5058 | Cross-Site Scripting vulnerability in Barracuda Networks Barracuda Spam Firewall Cross-site scripting (XSS) vulnerability in the Web administration interface in Barracuda Spam Firewall before firmware 3.5.10.016 allows remote attackers to inject arbitrary web script or HTML via the username field in a login attempt, which is not properly handled when the Monitor Web Syslog screen is open. | 4.3 |
2007-09-24 | CVE-2007-5052 | Cross-Site Scripting vulnerability in Itcms Vigile CMS 1.8 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Vigile CMS 1.8 allow remote attackers to inject arbitrary web script or HTML via a request to the wiki module with (1) the title parameter or (2) a "title=" sequence in the PATH_INFO, or a request to the download module with (3) the cat parameter or (4) a "cat=" sequence in the PATH_INFO. | 4.3 |
2007-09-24 | CVE-2007-5051 | Cross-Site Scripting vulnerability in PHPgedview 4.1.1 Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) box_width, (2) PEDIGREE_GENERATIONS, and (3) rootid parameters in ancestry.php, and the (4) newpid parameter in timeline.php. | 4.3 |
2007-09-24 | CVE-2007-5046 | Cross-Site Scripting vulnerability in Icewarp Merak Mail Server 8.9.1/8.9.2 Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element. | 4.3 |
2007-09-21 | CVE-2007-5033 | Cross-Site Scripting vulnerability in PHPbb XS PHPbb XS 2 Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 allows remote attackers to inject arbitrary web script or HTML via the selfdes parameter in a profile_info editprofile action. | 4.3 |
2007-09-21 | CVE-2007-5027 | Cross-Site Scripting vulnerability in Level ONE Wbr3404Tx Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter. | 4.3 |
2007-09-20 | CVE-2007-5013 | Cross-Site Scripting vulnerability in Phormer 3.31 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Phormer 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) u, (2) p, (3) c, and (4) s parameters, and other unspecified vectors. | 4.3 |
2007-09-20 | CVE-2007-5012 | Cross-Site Scripting vulnerability in PHPwebgallery 1.7.0 Cross-site scripting (XSS) vulnerability in picture.php in PhpWebGallery 1.7.0, when Comments for all is enabled, allows remote attackers to inject arbitrary web script or HTML via the author parameter. | 4.3 |