Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-03 | CVE-2007-1231 | Cross-Site Scripting vulnerability in Sqlitemanager 1.2.0 Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files. | 4.3 |
| 2007-03-02 | CVE-2007-1229 | Cross-Site Scripting vulnerability in Nullsoft Shoutcast Server 1.9.7 Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file. | 4.3 |
| 2007-03-02 | CVE-2007-1161 | Cross-Site Scripting vulnerability in Call Center Software Call Center Software 0.93 Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element. | 4.3 |
| 2007-03-02 | CVE-2007-1159 | Cross-Site Scripting vulnerability in Pyrophobia 2.1.3.1 Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2007-03-02 | CVE-2007-1151 | Cross-Site Scripting vulnerability in Lovecms 1.4 Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. | 4.3 |
| 2007-03-02 | CVE-2007-1145 | Cross-Site Scripting vulnerability in Kayako Esupport 3.00.13/3.04.10 Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. | 4.3 |
| 2007-03-02 | CVE-2007-1142 | Cross-Site Scripting vulnerability in Reamday Enterprises Magic News Plus 1.0.2 Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. | 4.3 |
| 2007-02-27 | CVE-2007-1132 | Cross-Site Scripting vulnerability in Mtcms 2.2 Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields. | 4.3 |
| 2007-02-26 | CVE-2007-1115 | Cross-Site Scripting vulnerability in Opera Browser The child frames in Opera 9 before 9.20 inherit the default charset from the parent window when a charset is not specified in an HTTP Content-Type header or META tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. | 4.3 |
| 2007-02-26 | CVE-2007-0780 | Cross-Site Scripting vulnerability in multiple products browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked popup originating from a javascript: URI in combination with multiple frames having the same data: URI. | 6.8 |