Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-11-20 | CVE-2007-6054 | Cross-Site Scripting vulnerability in Aruba Networks Mc-800 Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url variable. | 4.3 |
2007-11-20 | CVE-2007-6037 | Cross-Site Scripting vulnerability in Citrix Netscaler 8.0Build47.8 Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in Citrix NetScaler 8.0 build 47.8 allows remote attackers to inject arbitrary web script or HTML via the standalone parameter and other unspecified parameters. | 4.3 |
2007-11-15 | CVE-2007-6003 | Cross-Site Scripting vulnerability in Thomson Speedtouch 716 Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the Thomson SpeedTouch 716 with firmware 5.4.0.14 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | 4.3 |
2007-11-15 | CVE-2007-6002 | Cross-Site Scripting vulnerability in Fenrir Grani and Sleipnir Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir 2.5.17 R2 and earlier and (2) Grani 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field in a search for additions to the Favorites section. | 4.3 |
2007-11-15 | CVE-2007-6001 | Cross-Site Scripting vulnerability in Bandersnatch 0.4 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910. | 4.3 |
2007-11-15 | CVE-2007-5993 | Cross-Site Scripting vulnerability in Vtls Vtls.Web.Gateway Cross-site scripting (XSS) vulnerability in Visionary Technology in Library Solutions (VTLS) vtls.web.gateway before 48.1.1 allows remote attackers to inject arbitrary web script or HTML via the searchtype parameter. | 4.3 |
2007-11-15 | CVE-2007-5990 | Cross-Site Scripting vulnerability in EXO Exophpdesk 1.2.1 Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a user profile, possibly the (1) name and (2) website parameters to register.php. | 4.3 |
2007-11-15 | CVE-2007-5985 | Cross-Site Scripting vulnerability in Bti-Tracker Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker before 1.4.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) account.php, (2) moresmiles.php, or (3) recover.php; or (4) the "to" parameter to usercp.php. | 4.3 |
2007-11-15 | CVE-2007-5983 | Cross-Site Scripting vulnerability in Justin Hagstrom Autoindex PHP Script Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 4.3 |
2007-11-15 | CVE-2007-5982 | Cross-Site Scripting vulnerability in X7 Group X7 Chat 2.0.4/2.0.5 Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, 2.0.5, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) room parameter to sources/frame.php, the (2) theme_c parameter to help/index.php, or the (3) INSTALL_X7CHATVERSION parameter to upgradev1.php. | 4.3 |