Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-09-11 | CVE-2007-4813 | Cross-Site Scripting vulnerability in Domino Blogsphere Domino Blogsphere 3.01Beta7 Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 Beta 7 allows remote attackers to inject arbitrary web script or HTML via the name field. | 4.3 |
2007-09-11 | CVE-2007-4811 | Cross-Site Scripting vulnerability in Netjuke 1.0Rc2 Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 allow remote attackers to inject arbitrary web script or HTML via (1) the val parameter to alphabet.php in an alpha.albums action, or the PATH_INFO to (2) random.php or (3) admin/hidden.php. | 4.3 |
2007-09-10 | CVE-2007-4779 | Cross-Site Scripting vulnerability in Joomla 1.5.0Beta/1.5.0Beta2/1.5.0Rc1 Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the archive section. | 4.3 |
2007-09-10 | CVE-2007-4512 | Cross-Site Scripting vulnerability in Sophos Anti-Virus Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for Windows 6.x before 6.5.8 and 7.x before 7.0.1 allows remote attackers to inject arbitrary web script or HTML via an archive with a file that matches a virus signature and has a crafted filename that is not properly handled by the print function in SavMain.exe. | 4.3 |
2007-09-08 | CVE-2007-4760 | Cross-Site Scripting vulnerability in Hitachi products The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2007-09-06 | CVE-2007-4745 | Cross-Site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook 3.42 and earlier component (com_akobook) for Mambo allow remote attackers to inject arbitrary web script or HTML via Javascript events in the (1) gbmail and (2) gbpage parameters in the sign function. | 4.3 |
2007-09-06 | CVE-2007-4741 | Cross-Site Scripting vulnerability in Claroline Cross-site scripting (XSS) vulnerability in admin/adminusers.php in Claroline before 1.8.6 allows remote authenticated administrators to inject arbitrary web script or HTML via the sort parameter. | 3.5 |
2007-09-05 | CVE-2007-4717 | Cross-Site Scripting vulnerability in Claroline Multiple cross-site scripting (XSS) vulnerabilities in Claroline before 1.8.6 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) dir parameter in admin/adminusers.php, the (2) action parameter in admin/advancedUserSearch.php, and the (3) view parameter in admin/campusProblem.php. | 3.5 |
2007-09-05 | CVE-2007-4713 | Cross-Site Scripting vulnerability in ROI Revolution Urchin 5.6.00R2 Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters. | 4.3 |
2007-09-05 | CVE-2007-4711 | Cross-Site Scripting vulnerability in Www.Toms-Seiten.At Toms Gaestebuch 1.00 Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch 1.00 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage, (2) mail, and (3) name parameters in a show action to (a) form.php; the (4) language and (5) anzeigebreite parameters to (b) admin/header.php; and the (6) msg parameter to (c) install.php, different vectors than CVE-2006-0706. | 4.3 |