Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-06-21 | CVE-2007-3339 | Cross-Site Scripting vulnerability in Fusetalk Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a) forum/include/error/autherror.cfm, and the (3) FTVAR_SCRIPTRUN parameter to (b) forum/include/common/comfinish.cfm and (c) blog/include/common/comfinish.cfm. | 4.3 |
2007-06-20 | CVE-2007-3291 | Cross-Site Scripting vulnerability in Livecms Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via an article name, possibly involving the titulo parameter in article.php. | 4.3 |
2007-06-14 | CVE-2007-3227 | Cross-Site Scripting vulnerability in Rubyonrails Rails 1.1.5 Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. | 4.3 |
2007-06-14 | CVE-2007-2391 | Cross-Site Scripting vulnerability in Apple Safari 3.0.1 Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 for Windows allows remote attackers to inject arbitrary web script or HTML via a web page that includes a windows.setTimeout function that is activated after the user has moved from the current page. | 4.3 |
2007-06-11 | CVE-2007-3156 | Cross-Site Scripting vulnerability in Webmin Usermin and Webmin Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. | 4.3 |
2007-06-08 | CVE-2007-3137 | Cross-Site Scripting vulnerability in Webmaster Solutions Wmscms 2.0 Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. | 4.3 |
2007-06-06 | CVE-2007-3064 | Cross-Site Scripting vulnerability in Mealex MY Datebook Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. | 4.3 |
2007-06-06 | CVE-2007-3056 | Cross-Site Scripting vulnerability in Websvn 1.61/2.0 Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. | 4.3 |
2007-05-30 | CVE-2007-2914 | Cross-Site Scripting vulnerability in Psychostats 3.0.6B Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified files. | 4.3 |
2007-05-30 | CVE-2007-2910 | Cross-Site Scripting vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.6.7 PL1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the vb_367_xss_fix_plugin.xml update, a related issue to CVE-2007-2909. | 4.3 |